Let's Encrypt: Difference between revisions

m
no edit summary
Tag: visualeditor
m No edit summary
 
Line 36: Line 36:
= List the certificates =
= List the certificates =


<source lang="console">
<syntaxhighlight lang="console">
$ certbot-auto certificates
$ certbot-auto certificates
</source>
</syntaxhighlight>


= Adding more domains =
= Adding more domains =
Line 69: Line 69:
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself.


<source lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com


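Review bot: the new opening tag on the `certonly --webroot` block keeps `lang="bash"`, but the block holds a `$` prompt followed by program output (the hunk at Line 83 shows the `Donating to ...` lines inside the same block), so `lang="console"` would match what the "List the certificates" block already uses. The command is also one very long line; splitting it with trailing backslashes, as the wildcard example does, would keep each `-w` webroot visibly next to the `-d` names it serves.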
Line 83: Line 83:
   Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
   Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
   Donating to EFF:                    https://eff.org/donate-le
</source>
</syntaxhighlight>


= Getting certificates for a separate server using manual mode =
= Getting certificates for a separate server using manual mode =
Line 90: Line 90:
This will start an interactively, manual mode.
This will start an interactively, manual mode.


<source lang="bash" highlight="1">
<syntaxhighlight lang="bash" highlight="1">
$ certbot-auto certonly --manual -d test.com -d www.test.com
$ certbot-auto certonly --manual -d test.com -d www.test.com
</source>
</syntaxhighlight>




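Review bot: the context sentence above the `certonly --manual` block still reads "This will start an interactively, manual mode."; since this edit touches the section, it should become "This will start an interactive manual mode." The block also keeps `lang="bash"` while showing a `$` prompt, where the other prompt-style blocks on the page use `lang="console"`.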
Line 101: Line 101:
<span class="param">unspecified</span> (default), <span class="param">keycompromise</span>, <span class="param">affiliationchanged</span>, <span class="param">superseded</span>, and <span class="param">cessationofoperation</span>.
<span class="param">unspecified</span> (default), <span class="param">keycompromise</span>, <span class="param">affiliationchanged</span>, <span class="param">superseded</span>, and <span class="param">cessationofoperation</span>.


<source lang="bash">
<syntaxhighlight lang="bash">
$ certbot-auto revoke --cert-path /etc/letsencrypt/live/bamboo.domain.com/cert.pem --reason cessationofoperation
$ certbot-auto revoke --cert-path /etc/letsencrypt/live/bamboo.domain.com/cert.pem --reason cessationofoperation
</source>
</syntaxhighlight>


Revoke AND delete
Revoke AND delete


<source lang="bash">
<syntaxhighlight lang="bash">
$ sudo letsencrypt revoke --cert-path /etc/letsencrypt/live/mydomain.com/fullchain.pem --delete-after-revoke --reason superseded
$ sudo letsencrypt revoke --cert-path /etc/letsencrypt/live/mydomain.com/fullchain.pem --delete-after-revoke --reason superseded
</source>
</syntaxhighlight>




== Deleting certificate files ==
== Deleting certificate files ==


<source lang="console">
<syntaxhighlight lang="console">
$ certbot-auto delete --cert-name domain.com
$ certbot-auto delete --cert-name domain.com
</source>
</syntaxhighlight>


= Generating a certificate for wildcard subdomains =
= Generating a certificate for wildcard subdomains =
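Review bot: the two revoke examples in this hunk disagree on both the client and the file. The first runs `certbot-auto revoke` against `.../cert.pem` and the second runs `sudo letsencrypt revoke` against `.../fullchain.pem`, with nothing in the text saying whether the difference matters. Use one command name and one file under `live/` in both, or add a sentence explaining the choice, so a reader revoking under pressure does not have to guess. The reason list above also offers `keycompromise`, yet neither example shows it; a line saying which reason to pass in that case would help. "Revoke AND delete" is plain text while the sibling "Deleting certificate files" is a `==` heading, so it should be a heading too.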
Line 123: Line 123:
You need to be able to update the DNS zone file for the domain.  Usually, this is referred to as DNS records, and many registrars have a way for you to update the records.  For this, you should be able to add a TXT record.
You need to be able to update the DNS zone file for the domain.  Usually, this is referred to as DNS records, and many registrars have a way for you to update the records.  For this, you should be able to add a TXT record.


<source lang="console" highlight="1,2">
<syntaxhighlight lang="console" highlight="1,2">
$ sudo letsencrypt certonly --manual -d 'mydomain.com,*.mydomain.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok \
$ sudo letsencrypt certonly --manual -d 'mydomain.com,*.mydomain.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok \
     --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
     --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
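Review bot: the paragraph before the wildcard command tells the reader to add a TXT record but never connects that to `--preferred-challenges dns-01` on the continuation line. A sentence stating that the TXT record is how the dns-01 challenge proves control of the domain would explain why DNS access is required for `*.mydomain.com`. The names here are passed as one quoted, comma-separated `-d` value, while the webroot example earlier repeats `-d` per name; pick one style for the page, and say that the quotes are there to stop the shell from expanding `*`.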
Line 158: Line 158:
   Donating to EFF:                    https://eff.org/donate-le
   Donating to EFF:                    https://eff.org/donate-le


</source>
</syntaxhighlight>


= Resources =
= Resources =


[https://linuxtechlab.com/complete-guide-to-configure-ssl-on-nginx-with-lets-encrypt-ubuntu-centos-rhel/ Complete guide to configure SSL on Nginx with Let’s Encrypt for Ubuntu/CentOS/RHEL] ([https://private.michaelhan.net/snapshots/nginx-1.pdf Snapshot])
[https://linuxtechlab.com/complete-guide-to-configure-ssl-on-nginx-with-lets-encrypt-ubuntu-centos-rhel/ Complete guide to configure SSL on Nginx with Let’s Encrypt for Ubuntu/CentOS/RHEL] ([https://private.michaelhan.net/snapshots/nginx-1.pdf Snapshot])