Certbot

From Omnia
Jump to navigation Jump to search

certbot

Letsencrypt.org

See Letsencrypt.org

Usage

List Certificates

certbot certificates

Renew

certbot renew

Quiet:

certbot -q renew


Cert saved to:

/etc/letsencrypt/live/[DOMAIN]/fullchain.pem
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem
cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem
fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem
chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem

Generated config saved to:

/etc/letsencrypt/renewal/[DOMAIN].conf

Logs saved to:

/var/log/letsencrypt/letsencrypt.log

---

/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
-q, --quiet   # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False)

apache

SSLCertificateFile      /etc/ssl/DOMAIN/DOMAIN-fullchain.pem
SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key

Install

Ubuntu

Install:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Auto install certificates:

sudo certbot --apache

Or just get a certificate:

sudo certbot certonly --apache

Test automatic renewal:

sudo certbot renew --dry-run

ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache


CentOS

Install:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Auto install certificates:

sudo /usr/local/bin/certbot-auto --apache

Or just get a certificate:

sudo /usr/local/bin/certbot-auto certonly --apache

Automatic renewal: (crontab)

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

ref: https://certbot.eff.org/lets-encrypt/centos6-apache

keywords