|
|
Line 84: |
Line 84: |
| </syntaxhighlight> | | </syntaxhighlight> |
|
| |
|
| == Let's Encrypt free SSL certificate ==
| | [[Let's Encrypt]] |
| | |
| * ''Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than ten minutes | 27 June 2016''
| |
| | |
| You can find all about '''Let's Encrypt''' initiative at their [https://letsencrypt.org/ website].
| |
| The most current instruction can be found at [https://www.eff.org/ EFF]'s [https://certbot.eff.org/ certbot] site.
| |
| | |
| This one is for Ubuntu 14.04 (trusty) and pursues the easier-to-use option. I'm assuming that you have a sudo access, although that isn't an absolute requirement.
| |
| | |
| === Installation ===
| |
| ''Last tested on Ubuntu 14.04 LTS (trusty)''
| |
| | |
| Note: On Ubuntu 16.04.01 LTS (xenial), you can just run <code>apt install letsencrypt</code> and use <span class="package">letsencrypt</span> in place of <span class="package">certbot-auto</span> command in the following instruction. It's the equivalent program, so there doesn't seem to be any issues with parameters used here.
| |
| | |
| Download the executable and make it executable.
| |
| | |
| <syntaxhighlight lang="bash" highlight="1,13">
| |
| $ sudo wget https://dl.eff.org/certbot-auto
| |
| --2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto
| |
| Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
| |
| Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
| |
| HTTP request sent, awaiting response... 200 OK
| |
| Length: 44115 (43K) [text/plain]
| |
| Saving to: ‘certbot-auto’
| |
| | |
| 100%[======================================================================================================================================================>] 44,115 --.-K/s in 0.001s
| |
| | |
| 2016-06-27 18:36:18 (67.8 MB/s) - ‘certbot-auto’ saved [44115/44115]
| |
| | |
| $ sudo chmod a+x certbot-auto
| |
| </syntaxhighlight>
| |
| | |
| I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder. It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>.
| |
| | |
| Typing <code>sudo certbot-auto --apache</code> in CLI will get you to an interactive menu that will list out all of your domains on Apache2 and will easily generate certificates and even add those Apache directives in the respective virtual domain configuration files (not 100%, but works most of the time).
| |
| | |
| <code>certbot-auto</code> creates a folder in <span class="path">/etc/letsencrypt/</span> as a default.
| |
| | |
| === Adding more domains ===
| |
| | |
| After the initial installation, if you need to add more domains you can do it directly from the CLI.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| $ sudo certbot-auto run --apache -d mydomain.net
| |
| </syntaxhighlight>
| |
| | |
| === Configuring to auto-renew certificate ===
| |
| | |
| <code>certbot-auto</code> can also auto-renew certificates by adding a command as a cronjob.
| |
| | |
| <div class="cli">
| |
| 0 1,13 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade
| |
| </div>
| |
| | |
| Use crontab to update the cron jobs, and add the above line.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| $ sudo crontab -e
| |
| </syntaxhighlight>
| |
| | |
| === Adding multiple domain names for a certificate ===
| |
| | |
| You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.
| |
| | |
| <syntaxhighlight lang="bash" highlight="1">
| |
| $ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com
| |
| | |
| IMPORTANT NOTES:
| |
| - Congratulations! Your certificate and chain have been saved at
| |
| /etc/letsencrypt/live/mysite.com/fullchain.pem. Your cert
| |
| will expire on 2016-09-26. To obtain a new or tweaked version of
| |
| this certificate in the future, simply run certbot-auto again. To
| |
| non-interactively renew *all* of your certificates, run
| |
| "certbot-auto renew"
| |
| - If you like Certbot, please consider supporting our work by:
| |
| | |
| Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
| |
| Donating to EFF: https://eff.org/donate-le
| |
| </syntaxhighlight>
| |
|
| |
|
| == Creating self-signed certificates (usually for SSL connection) == | | == Creating self-signed certificates (usually for SSL connection) == |
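Review bot: The Installation block downloads certbot-auto into the current directory with "sudo wget" and marks it executable, but no step moves it to /usr/local/bin/, which the next paragraph, the "sudo certbot-auto --apache" call and the cron entry "/usr/local/bin/certbot-auto renew --quiet --no-self-upgrade" all assume. Add the move to the block, or download straight to that path, so the later commands resolve. The script is then run as root with no integrity check shown between the download and "chmod a+x"; state how the reader should verify the file before executing it. In "Adding multiple domain names for a certificate", the "certbot-auto certonly --webroot ..." line is the only invocation without sudo, although its output shows files saved under /etc/letsencrypt/live/; make it consistent with the other commands. Minor: the "Last tested" line appears twice with different version strings (14.04.2 LTS at the top, 14.04 LTS under Installation), and "make it easy add as a cronjob" is missing "to".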