4,461
edits
use testedon template
m Revoking and/or deleting certificates |
use testedon template |
||
| Line 1: | Line 1: | ||
You can find all about '''Let's Encrypt''' initiative at their [https://letsencrypt.org/ website]. | You can find all about '''Let's Encrypt''' initiative at their [https://letsencrypt.org/ website]. | ||
The most current instruction can be found at [https://www.eff.org/ EFF]'s [https://certbot.eff.org/ certbot] site. | The most current instruction can be found at [https://www.eff.org/ EFF]'s [https://certbot.eff.org/ certbot] site. | ||
| Line 7: | Line 5: | ||
= Installation = | = Installation = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
Note: On Ubuntu 16.04.01 LTS (xenial), you can just run <code>apt install letsencrypt</code> and use <span class="package">letsencrypt</span> in place of <span class="package">certbot-auto</span> command in the following instruction. It's the equivalent program, so there doesn't seem to be any issues with parameters used here. | Note: On Ubuntu 16.04.01 LTS (xenial), you can just run <code>apt install letsencrypt</code> and use <span class="package">letsencrypt</span> in place of <span class="package">certbot-auto</span> command in the following instruction. It's the equivalent program, so there doesn't seem to be any issues with parameters used here. | ||
| Line 36: | Line 34: | ||
= Adding more domains = | = Adding more domains = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
After the initial installation, if you need to add more domains you can do it directly from the CLI. | After the initial installation, if you need to add more domains you can do it directly from the CLI. | ||
| Line 44: | Line 43: | ||
= Configuring to auto-renew certificate = | = Configuring to auto-renew certificate = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
<code>certbot-auto</code> can also auto-renew certificates by adding a command as a cronjob. | <code>certbot-auto</code> can also auto-renew certificates by adding a command as a cronjob. | ||
| Line 58: | Line 58: | ||
= Adding multiple domain names for a certificate = | = Adding multiple domain names for a certificate = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself. | You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself. | ||
| Line 78: | Line 79: | ||
= Getting certificates for a separate server using manual mode = | = Getting certificates for a separate server using manual mode = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
This will start an interactively, manual mode. | This will start an interactively, manual mode. | ||
| Line 87: | Line 89: | ||
= Revoking and/or deleting certificates = | = Revoking and/or deleting certificates = | ||
{{Testedon|2016-06-27|Ubuntu 14.04.2 LTS}} | |||
The optional <span class="package">reason</span> flag can have the following values: | The optional <span class="package">reason</span> flag can have the following values: | ||
| Line 93: | Line 96: | ||
<source lang="bash"> | <source lang="bash"> | ||
$ certbot-auto revoke --cert-path /etc/letsencrypt/live/bamboo.domain.com/cert.pem --reason cessationofoperation | $ certbot-auto revoke --cert-path /etc/letsencrypt/live/bamboo.domain.com/cert.pem --reason cessationofoperation | ||
</source> | |||
= Generating a certificate for wildcard subdomains = | |||
{{Testedon|2018-09-09|Ubuntu 16.04.5 LTS (xenial)}} | |||
You need to be able to update the DNS zone file for the domain. Usually, this is referred to as DNS records, and many registrars have a way for you to update the records. For this, you should be able to add a TXT record. | |||
<source lang="console"> | |||
$ sudo certbot-auto certonly --manual -d *.mydomain.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory | |||
Saving debug log to /var/log/letsencrypt/letsencrypt.log | |||
Plugins selected: Authenticator manual, Installer None | |||
Obtaining a new certificate | |||
Performing the following challenges: | |||
dns-01 challenge for mydomain.com | |||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |||
Please deploy a DNS TXT record under the name | |||
_acme-challenge.mydomain.com with the following value: | |||
w_DD-eTEIk4VxoNFBm6VbLTkNkcD1pml_DYpzIRtK7M | |||
Before continuing, verify the record is deployed. | |||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |||
Press Enter to Continue | |||
Waiting for verification... | |||
Cleaning up challenges | |||
IMPORTANT NOTES: | |||
- Congratulations! Your certificate and chain have been saved at: | |||
/etc/letsencrypt/live/mydomain.com/fullchain.pem | |||
Your key file has been saved at: | |||
/etc/letsencrypt/live/mydomain.com/privkey.pem | |||
Your cert will expire on 2018-12-08. To obtain a new or tweaked | |||
version of this certificate in the future, simply run certbot-auto | |||
again. To non-interactively renew *all* of your certificates, run | |||
"certbot-auto renew" | |||
- If you like Certbot, please consider supporting our work by: | |||
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | |||
Donating to EFF: https://eff.org/donate-le | |||
</source> | </source> | ||