Letsencrypt.org: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
K (chain) |
|||
Zeile 68: | Zeile 68: | ||
#/etc/apache2/sites-available/domain.tld | #/etc/apache2/sites-available/domain.tld | ||
... | ... | ||
SSLCertificateFile /etc/letsencrypt/live/tld.com/ | SSLCertificateFile /etc/letsencrypt/live/tld.com/fullchain.pem | ||
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem | ||
... | ... |
Version vom 24. August 2017, 22:14 Uhr
Let’s Encrypt is a free, automated, and open certificate authority https://letsencrypt.org/ and https://letsencrypt.org/howitworks/
This setup is for multidomain setup.
Config
/etc/letsencrypt/cli.ini
#use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = xxx@yyy.com
authenticator = webroot
agree-tos = True
renew-by-default = false
# Uncomment to use a text interface instead of ncurses
# text = True
# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
webroot-path = /srv/www/_webrootauth/
Prerequisite: Apache config
#/etc/apache2/conf.d/letsencrypt.conf
#let's encrypt global dir
Alias /.well-known/acme-challenge/ /srv/www/_webrootauth/.well-known/acme-challenge/
<IfModule mod_headers.c>
<LocationMatch "/.well-known/acme-challenge/*">
Header set Content-Type "text/plain"
</LocationMatch>
</IfModule>
<Directory "/srv/www/_webrootauth/.well-known/">
Order allow,deny
Allow from all
</Directory>
Create certificate via webroot (recommended)
cd ~/letsencrypt
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will
expire on 2016-02-17. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Add certificate to apache
#/etc/apache2/sites-available/domain.tld
...
SSLCertificateFile /etc/letsencrypt/live/tld.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem
...
Create certificate manuell
cd ~/letsencrypt
./letsencrypt-auto certonly -a manual -d domain.tld -d www.domain.tld
Make sure your web server displays the following content at
http://www.domain.tld/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing:
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg
with another shell under /srv/www/xxx/htdocs
umask 022
printf "%s" a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg > .well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY
Press ENTER to continue
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/tld.com/fullchain.pem. Your cert will
expire on 2016-02-05. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Automatic renew certificates
see http://letsencrypt.readthedocs.org/en/latest/using.html#renewal
#renew letsencrypt
2 2 * * * /root/letsencrypt/letsencrypt-auto renew -q >> /var/log/le-renew.log