Let's Encrypt: Difference between revisions
Revision as of 11:10, 27 August 2018
- Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than ten minutes | 27 June 2016
You can find out all about the Let's Encrypt initiative at their website. The most current instructions can be found at EFF's certbot site.
This one is for Ubuntu 14.04 (trusty) and pursues the easier-to-use option. I'm assuming that you have sudo access, although that isn't an absolute requirement.
Installation
Last tested on Ubuntu 14.04 LTS (trusty)
Note: On Ubuntu 16.04.01 LTS (xenial), you can just run apt install letsencrypt and use letsencrypt in place of the certbot-auto command in the following instructions. It's the equivalent program, so there don't seem to be any issues with the parameters used here.
Download the script and make it executable.
$ sudo wget https://dl.eff.org/certbot-auto
--2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44115 (43K) [text/plain]
Saving to: ‘certbot-auto’
100%[======================================================================================================================================================>] 44,115 --.-K/s in 0.001s
2016-06-27 18:36:18 (67.8 MB/s) - ‘certbot-auto’ saved [44115/44115]
$ sudo chmod a+x certbot-auto
I prefer to have this type of executable in the /usr/local/bin/ folder. It will make it available for other users as well as make it easy to add as a cronjob. The ownership is already correct if you used sudo.
Typing sudo certbot-auto --apache in the CLI will get you to an interactive menu that lists all of your domains on Apache2, generates certificates for them, and even adds the Apache directives to the respective virtual domain configuration files (not 100%, but works most of the time).
certbot-auto creates a folder in /etc/letsencrypt/ by default.
Adding more domains
After the initial installation, if you need to add more domains you can do it directly from the CLI.
$ sudo certbot-auto run --apache -d mydomain.net
Configuring to auto-renew certificate
certbot-auto can also auto-renew certificates by adding a command as a cronjob.
0 1,13 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade
Use crontab to update the cron jobs, and add the above line.
$ sudo crontab -e
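Because the cron entry runs with --quiet, a renewal that keeps failing is easy to miss. The following check is an added example, not part of the original page or of certbot; it reports any certificate under the live directory that is closer to expiry than a threshold, and the script name, the 20-day default and the status labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Run as root, like the renew job:
# /etc/letsencrypt/live is readable by root only.

# check_cert FILE DAYS
#   0 = still valid DAYS from now, 1 = expires sooner (or already expired),
#   2 = missing, unreadable or not a PEM certificate.
check_cert() {
    [ -r "$1" ] || return 2
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1 || return 1
    return 0
}

# check_live_dir DIR DAYS
#   Prints one status line per DIR/<name>/cert.pem; returns 0 only if all are OK.
check_live_dir() {
    bad=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        name=$(basename "$(dirname "$cert")")
        rc=0
        check_cert "$cert" "$2" || rc=$?
        case $rc in
            0) echo "OK        $name" ;;
            1) echo "EXPIRING  $name $(openssl x509 -in "$cert" -noout -enddate)"
               bad=1 ;;
            *) echo "BROKEN    $name"
               bad=1 ;;
        esac
    done
    return "$bad"
}

# Assumed usage: ./check-certs.sh /etc/letsencrypt/live 20
# certbot renews once fewer than 30 days remain, so 20 days left means the
# cron job has been failing for a while.
if [ $# -ge 1 ]; then
    check_live_dir "$1" "${2:-20}"
fi
```

Scheduled from cron without output redirection, the non-zero exit and the EXPIRING lines give you something to alert on.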
Adding multiple domain names for a certificate
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/mysite.com/fullchain.pem. Your cert
will expire on 2016-09-26. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
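Since you install this certificate yourself, it is worth confirming that it covers every name you requested before pointing a virtual host at it. This is an added example, not part of the original page or of certbot; the function names are assumptions, and it does exact-name matching only (no wildcard handling).

```shell
#!/bin/sh
# Added example (not from the original page).

# cert_names FILE
#   Prints each DNS name from the certificate's subjectAltName, one per line.
#   For fullchain.pem, openssl reads the first certificate, which is the leaf.
cert_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS:\([^ ]*\).*$/\1/p'
}

# missing_names FILE NAME...
#   Prints every requested NAME the certificate does not list.
#   Returns 0 only if all names are covered.
missing_names() {
    file=$1
    shift
    have=$(cert_names "$file")
    miss=0
    for want in "$@"; do
        if ! printf '%s\n' "$have" | grep -qxF -e "$want"; then
            echo "$want"
            miss=1
        fi
    done
    return "$miss"
}

# Assumed usage, with the path and names from the command above:
#   ./check-san.sh /etc/letsencrypt/live/mysite.com/fullchain.pem \
#       www.mysite.com mysite.com blog.mysite.com
if [ $# -ge 2 ]; then
    missing_names "$@"
fi
```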
Getting certificates for a separate server using manual mode
This will start an interactive, manual mode.
$ certbot-auto certonly --manual -d test.com -d www.test.com
Revoking and/or deleting certificates
The optional --reason flag can have the following values: unspecified (default), keycompromise, affiliationchanged, superseded, and cessationofoperation.
$ certbot-auto revoke --cert-path /etc/letsencrypt/live/bamboo.domain.com/cert.pem --reason cessationofoperation