Letsencrypt.org: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
K (→Create certificate: x) |
K (l) |
||
| Zeile 60: | Zeile 60: | ||
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Links == | |||
*https://letsencrypt.readthedocs.org/ | |||
*https://community.letsencrypt.org/ | |||
*https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/38 | |||
[[Kategorie:Security]] | [[Kategorie:Security]] | ||
[[Kategorie:WWW]] | [[Kategorie:WWW]] | ||
Version vom 7. November 2015, 20:12 Uhr
Let’s Encrypt is a free, automated, and open certificate authority https://letsencrypt.org/
Config
/etc/letsencrypt/cli.ini
#use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = xxx@yyy.com
authenticator = manual
agree-dev-preview = True
agree-tos = True
Apache config
#/etc/apache2/conf.d/letsencrypt.conf
#let's encrypt
Alias /.well-known/acme-challenge/ /srv/www/xxx.de/htdocs/.well-known/acme-challenge/
<Directory "/srv/www/xxx.de/htdocs/.well-known">
Order allow,deny
Allow from all
</Directory>
Create certificate
cd ~/letsencrypt
./letsencrypt-auto certonly -d tld.com -d www.tld.com
Make sure your web server displays the following content at
http://www.tld.com/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing:
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg
with another shell under /srv/www/xxx/htdocs
umask 022
printf "%s" a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg > .well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY
Press ENTER to continue
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/tld.com/fullchain.pem. Your cert will
expire on 2016-02-05. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Apache ssl
SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/tld.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem