Certbot: Difference between revisions

From Omnia
Jump to navigation Jump to search
(Created page with "== certbot == == Letsencrypt.org == See Letsencrypt.org === Ubuntu === Install: sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-apache Auto install certificates: sudo certbot --apache Or just get a certificate: sudo certbot certonly --apache Test automatic renewal: sudo certbot renew --dry-ru...")
 
 
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:


See [[Letsencrypt.org]]
See [[Letsencrypt.org]]
== Usage ==
=== List Certificates ===
certbot certificates
=== Renew ===
certbot renew
Quiet:
certbot -q renew
Cert saved to:
/etc/letsencrypt/live/[DOMAIN]/fullchain.pem
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem
cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem
fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem
chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem
Generated config saved to:
/etc/letsencrypt/renewal/[DOMAIN].conf
Logs saved to:
/var/log/letsencrypt/letsencrypt.log
---
/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
-q, --quiet  # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False)
=== apache ===
SSLCertificateFile      /etc/ssl/DOMAIN/DOMAIN-fullchain.pem
SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key
== Install ==


=== Ubuntu ===
=== Ubuntu ===

Latest revision as of 07:04, 10 June 2024

certbot

Letsencrypt.org

See Letsencrypt.org

Usage

List Certificates

certbot certificates

Renew

certbot renew

Quiet:

certbot -q renew


Cert saved to:

/etc/letsencrypt/live/[DOMAIN]/fullchain.pem
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem
cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem
fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem
chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem

Generated config saved to:

/etc/letsencrypt/renewal/[DOMAIN].conf

Logs saved to:

/var/log/letsencrypt/letsencrypt.log

---

/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
-q, --quiet   # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False)

apache

SSLCertificateFile      /etc/ssl/DOMAIN/DOMAIN-fullchain.pem
SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key

Install

Ubuntu

Install:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Auto install certificates:

sudo certbot --apache

Or just get a certificate:

sudo certbot certonly --apache

Test automatic renewal:

sudo certbot renew --dry-run

ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache


CentOS

Install:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Auto install certificates:

sudo /usr/local/bin/certbot-auto --apache

Or just get a certificate:

sudo /usr/local/bin/certbot-auto certonly --apache

Automatic renewal: (crontab)

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

ref: https://certbot.eff.org/lets-encrypt/centos6-apache

keywords