Certbot: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== certbot == == Letsencrypt.org == See Letsencrypt.org === Ubuntu === Install: sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-apache Auto install certificates: sudo certbot --apache Or just get a certificate: sudo certbot certonly --apache Test automatic renewal: sudo certbot renew --dry-ru...") |
(→Usage) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
See [[Letsencrypt.org]] | See [[Letsencrypt.org]] | ||
== Usage == | |||
=== List Certificates === | |||
certbot certificates | |||
=== Renew === | |||
certbot renew | |||
Quiet: | |||
certbot -q renew | |||
Cert saved to: | |||
/etc/letsencrypt/live/[DOMAIN]/fullchain.pem | |||
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem | |||
cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem | |||
fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem | |||
chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem | |||
Generated config saved to: | |||
/etc/letsencrypt/renewal/[DOMAIN].conf | |||
Logs saved to: | |||
/var/log/letsencrypt/letsencrypt.log | |||
--- | |||
/etc/cron.d/certbot | |||
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew | |||
-q, --quiet # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False) | |||
=== apache === | |||
SSLCertificateFile /etc/ssl/DOMAIN/DOMAIN-fullchain.pem | |||
SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key | |||
== Install == | |||
=== Ubuntu === | === Ubuntu === |
Latest revision as of 07:04, 10 June 2024
certbot
Letsencrypt.org
See Letsencrypt.org
Usage
List Certificates
certbot certificates
Renew
certbot renew
Quiet:
certbot -q renew
Cert saved to:
/etc/letsencrypt/live/[DOMAIN]/fullchain.pem
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem
Generated config saved to:
/etc/letsencrypt/renewal/[DOMAIN].conf
Logs saved to:
/var/log/letsencrypt/letsencrypt.log
---
/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
-q, --quiet # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False)
apache
SSLCertificateFile /etc/ssl/DOMAIN/DOMAIN-fullchain.pem SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key
Install
Ubuntu
Install:
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Auto install certificates:
sudo certbot --apache
Or just get a certificate:
sudo certbot certonly --apache
Test automatic renewal:
sudo certbot renew --dry-run
ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
CentOS
Install:
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Auto install certificates:
sudo /usr/local/bin/certbot-auto --apache
Or just get a certificate:
sudo /usr/local/bin/certbot-auto certonly --apache
Automatic renewal: (crontab)
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
ref: https://certbot.eff.org/lets-encrypt/centos6-apache