Letsencrypt.org: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
K (→Apache ssl: x) |
|||
Zeile 86: | Zeile 86: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Add certificate to apache == | ||
<syntaxhighlight lang="apache"> | <syntaxhighlight lang="apache"> | ||
#/etc/apache2/sites-available/domain.tld | |||
... | |||
SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem | SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem | ||
SSLCertificateChainFile /etc/letsencrypt/live/tld.com/chain.pem | SSLCertificateChainFile /etc/letsencrypt/live/tld.com/chain.pem | ||
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | ||
... | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Version vom 20. November 2015, 02:26 Uhr
Let’s Encrypt is a free, automated, and open certificate authority https://letsencrypt.org/
Config
/etc/letsencrypt/cli.ini
#use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = xxx@yyy.com
authenticator = webroot
#manual
agree-dev-preview = True
agree-tos = True
# Uncomment to use a text interface instead of ncurses
# text = True
# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
webroot-path = /srv/www/_webrootauth/
Prerequisite: Apache config
#/etc/apache2/conf.d/letsencrypt.conf
#let's encrypt global dir
Alias /.well-known/acme-challenge/ /srv/www/_webrootauth/.well-known/acme-challenge/
<IfModule mod_headers.c>
<LocationMatch "/.well-known/acme-challenge/*">
Header set Content-Type "text/plain"
</LocationMatch>
</IfModule>
<Directory "/srv/www/_webrootauth/.well-known/">
Order allow,deny
Allow from all
</Directory>
Create certificate via webroot (recommended)
umask 022
cd ~/letsencrypt
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will
expire on 2016-02-17. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Create certificate manuell
cd ~/letsencrypt
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld
Make sure your web server displays the following content at
http://www.domain.tld/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing:
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg
with another shell under /srv/www/xxx/htdocs
umask 022
printf "%s" a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg > .well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY
Press ENTER to continue
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/tld.com/fullchain.pem. Your cert will
expire on 2016-02-05. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Add certificate to apache
#/etc/apache2/sites-available/domain.tld
...
SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/tld.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem
...