Letsencrypt.org: Difference between revisions
Latest revision as of 23:28, 25 January 2026
Let's Encrypt Free SSL Certificates
Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open Certificate Authority.
Site: http://letsencrypt.org
Getting started
https://letsencrypt.org/getting-started/
Certificates
Private key:
/etc/letsencrypt/live/[DOMAIN]/privkey.pem
Cert:
/etc/letsencrypt/live/[DOMAIN]/cert.pem
/etc/letsencrypt/live/[DOMAIN]/fullchain.pem # <-- recommended option
/etc/letsencrypt/live/[DOMAIN]/README :
This directory contains your keys and certificates.
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
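Added example (not part of the original notes or of Certbot): a POSIX shell check of the layout the README describes. It confirms that privkey.pem is readable by its owner only, that cert.pem holds a single certificate, and that fullchain.pem is cert.pem followed by chain.pem, which is why a server given only cert.pem sends no intermediates. The function names are made up for this example; run it as root against a directory such as /etc/letsencrypt/live/[DOMAIN].

```shell
#!/bin/sh
# Added example: sanity-check a certbot "live" directory (hypothetical helper names).

count_certs() {   # number of PEM certificate blocks in file $1
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

check_live_dir() {   # usage: check_live_dir /etc/letsencrypt/live/[DOMAIN]
    dir=$1
    rc=0
    for f in privkey.pem cert.pem chain.pem fullchain.pem; do
        [ -r "$dir/$f" ] || { echo "MISSING  $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Group/other permission bits of the key; -L follows the symlink in live/.
    perms=$(ls -lL "$dir/privkey.pem" | cut -c5-10)
    case $perms in
        ------) echo "OK       privkey.pem is readable by its owner only" ;;
        *)      echo "WEAK     privkey.pem group/other bits are '$perms'"; rc=1 ;;
    esac

    # cert.pem should carry the leaf certificate and nothing else.
    leaf=$(count_certs "$dir/cert.pem")
    if [ "$leaf" -eq 1 ]; then
        echo "OK       cert.pem holds 1 certificate (leaf only, no intermediates)"
    else
        echo "ODD      cert.pem holds $leaf certificates"; rc=1
    fi

    # fullchain.pem should equal cert.pem followed by chain.pem (blank lines ignored).
    want=$(cat "$dir/cert.pem" "$dir/chain.pem" | grep -v '^$')
    have=$(grep -v '^$' "$dir/fullchain.pem")
    if [ "$want" = "$have" ]; then
        echo "OK       fullchain.pem = cert.pem + chain.pem"
    else
        echo "MISMATCH fullchain.pem is not cert.pem + chain.pem"; rc=1
    fi
    return "$rc"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```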
certbot
Ubuntu
Install:
sudo apt-get update
sudo apt-get install software-properties-common
Maybe needed:
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Try first:
sudo apt search certbot | grep apache
python3-certbot-apache
sudo apt-get install certbot python3-certbot-apache
Any "ServerName" VirtualHost entries found will be auto-recognized.
Auto install certificates:
sudo certbot --apache
# or - if you only have apache installed:
sudo certbot
Or just get a certificate:
sudo certbot certonly --apache
Test automatic renewal:
sudo certbot renew --dry-run
ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
CentOS
Install:
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
Auto install certificates:
sudo /usr/local/bin/certbot-auto --apache
Or just get a certificate:
sudo /usr/local/bin/certbot-auto certonly --apache
Automatic renewal: (crontab)
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
ref: https://certbot.eff.org/lets-encrypt/centos6-apache
acme-dns
https://github.com/joohoi/acme-dns
Old Notes
Renewal
/path/to/certbot-auto renew --dry-run
/path/to/certbot-auto renew
Automated Renewal:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /path/to/certbot-auto renew
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/test.t0e.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/test.t0e.org/privkey.pem
   Your cert will expire on 2019-04-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
notes
https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#157-use-google-domains-dns-api
Google Domains
https://go-acme.github.io/lego/dns/googledomains/
https://github.com/aaomidi/certbot-dns-google-domains
Namecheap
https://www.namecheap.com/support/api/intro/
https://go-acme.github.io/lego/dns/namecheap/