Letsencrypt.org
Let's Encrypt Free SSL Certificates
Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open Certificate Authority.
Site: http://letsencrypt.org
Getting started
https://letsencrypt.org/getting-started/
Certificates
Private key:
/etc/letsencrypt/live/[DOMAIN]/privkey.pem
Cert:
/etc/letsencrypt/live/[DOMAIN]/cert.pem /etc/letsencrypt/live/[DOMAIN]/fullchain.pem # <-- recommended option
/etc/letsencrypt/live/[DOMAIN]/README :
This directory contains your keys and certificates. `privkey.pem` : the private key for your certificate. `fullchain.pem`: the certificate file used in most server software. `chain.pem` : used for OCSP stapling in Nginx >=1.3.7. `cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below). WARNING: DO NOT MOVE OR RENAME THESE FILES! Certbot expects these files to remain in this location in order to function properly! We recommend not moving these files. For more information, see the Certbot User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
certbot
Ubuntu
Install:
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Auto install certificates:
sudo certbot --apache
Or just get a certificate:
sudo certbot certonly --apache
Test automatic renewal:
sudo certbot renew --dry-run
ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
CentOS
Install:
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Auto install certificates:
sudo /usr/local/bin/certbot-auto --apache
Or just get a certificate:
sudo /usr/local/bin/certbot-auto certonly --apache
Automatic renewal: (crontab)
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
ref: https://certbot.eff.org/lets-encrypt/centos6-apache
Old Notes
Renewal
/path/to/certbot-auto renew --dry-run /path/to/certbot-auto renew
Autoamted Renewal:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /path/to/certbot-auto renew
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/test.t0e.org/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/test.t0e.org/privkey.pem Your cert will expire on 2019-04-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le