Difference between revisions of "Https certbot"

From Anarchaserver
 
(3 intermediate revisions by the same user not shown)
Line 7: Line 7:
  deb http://ftp.debian.org/debian jessie-backports main
  deb http://ftp.debian.org/debian jessie-backports main
save and :
save and :
  apt-get update
  sudo apt-get update
sudo apt-get install python-certbot-apache -t jessie-backports
now we can install the certificates for the main domain and a subdomain using :
now we can install the certificates for the main domain and a subdomain using :
  certbot certonly --webroot -w /var/www/ -d anarchaserver.org
  sudo certbot --apache
  certbot certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/
 
If you want to manually change the configuration of the virtualhosts, then you can :
certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org
  certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/
 
see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache


== Renew automatically ==
== Renew automatically ==
the command to renew all the certificates is :
Note :
The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.
 
To test :
certbot renew --dry-run
 
the command to manually renew all the certificates is :
  certbot renew
  certbot renew
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see
  crontab
  crontab
for systemd integration, see https://forum.yunohost.org/t/how-to-install-let-s-encrypt-certificates/1075/83
 
* see https://certbot.eff.org/docs/using.html#renewing-certificates
* see https://certbot.eff.org/docs/using.html#renewing-certificates
Renew mannually a certificate inside a container
certbot certonly -a manual -d transitional.anarchaserver.org --preferred-challenges dns
Place in gandi the TXT rrecod with the name and the content proposed
'''Than reload apache2'''
systemctl reload apache2


== Check the certificates ==
== Check the certificates ==

Latest revision as of 15:55, 9 February 2020

Set up a https certificate

Following the advices from https://certbot.eff.org

Install certbot and the certificates

add jessie-backports to the sourcelist :

sudo nano /etc/apt/sources.list

add the line :

deb http://ftp.debian.org/debian jessie-backports main

save and :

sudo apt-get update
sudo apt-get install python-certbot-apache -t jessie-backports

now we can install the certificates for the main domain and a subdomain using :

sudo certbot --apache

If you want to manually change the configuration of the virtualhosts, then you can :

certbot --apache certonly --webroot -w /var/www/ -d anarchaserver.org
certbot --apache certonly --webroot -w /var/www/zoiahorn/ -d zoiahorn.anarchaserver.org/

see: https://certbot.eff.org/all-instructions/#debian-8-jessie-apache

Renew automatically

Note :

The Debian packaged version of Certbot installs a cron job automatically into /etc/cron.d/certbot. This cronjob runs certbot renew twice a day which will renew certificates that are within the renewal window.

To test :

certbot renew --dry-run 

the command to manually renew all the certificates is :

certbot renew

this command can be added to crontab or run by systemd, the certificates are valid for 3 months so the check can be done once a week or once a day, see

crontab

Renew mannually a certificate inside a container

certbot certonly -a manual -d transitional.anarchaserver.org --preferred-challenges dns

Place in gandi the TXT rrecod with the name and the content proposed

Than reload apache2

systemctl reload apache2

Check the certificates

test on https://www.ssllabs.com/ssltest/

references