Letsencrypt.org: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
K (→Apache ssl: s) |
K (webroot) |
||
| Zeile 12: | Zeile 12: | ||
email = xxx@yyy.com | email = xxx@yyy.com | ||
authenticator = manual | authenticator = webroot | ||
#manual | |||
agree-dev-preview = True | agree-dev-preview = True | ||
agree-tos = True | agree-tos = True | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Apache config == | == Apache config == | ||
<syntaxhighlight lang="apache"> | <syntaxhighlight lang="apache"> | ||
#/etc/apache2/conf.d/letsencrypt.conf | #/etc/apache2/conf.d/letsencrypt.conf | ||
#let's encrypt | #let's encrypt global dir | ||
Alias /.well-known/acme-challenge/ /srv/www/ | Alias /.well-known/acme-challenge/ /srv/www/global-domain.tld/htdocs/.well-known/acme-challenge/ | ||
<Directory "/srv/www/xxx.de/htdocs/.well-known"> | <Directory "/srv/www/xxx.de/htdocs/.well-known"> | ||
| Zeile 29: | Zeile 31: | ||
</Directory> | </Directory> | ||
<IfModule mod_headers.c> | |||
<LocationMatch "/.well-known/acme-challenge/*"> | |||
Header set Content-Type "text/plain" | |||
</LocationMatch> | |||
</IfModule> | |||
</syntaxhighlight> | |||
== Create certificate via webroot (recommended) == | |||
<syntaxhighlight lang="bash"> | |||
umask 022 | |||
./letsencrypt-auto certonly --webroot-path /srv/www/global-domain.tld/htdocs/ -d domain.tld -d www.domain.tld | |||
IMPORTANT NOTES: | |||
- Congratulations! Your certificate and chain have been saved at | |||
/etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will | |||
expire on 2016-02-17. To obtain a new version of the certificate in | |||
the future, simply run Let's Encrypt again. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== Create certificate == | == Create certificate manuell == | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cd ~/letsencrypt | cd ~/letsencrypt | ||
./letsencrypt-auto certonly -d tld | ./letsencrypt-auto certonly -d domain.tld -d www.domain.tld | ||
Make sure your web server displays the following content at | Make sure your web server displays the following content at | ||
http://www.tld | http://www.domain.tld/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing: | ||
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg | a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg | ||
Version vom 20. November 2015, 02:58 Uhr
Let’s Encrypt is a free, automated, and open certificate authority https://letsencrypt.org/
Config
/etc/letsencrypt/cli.ini
#use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = xxx@yyy.com
authenticator = webroot
#manual
agree-dev-preview = True
agree-tos = True
Apache config
#/etc/apache2/conf.d/letsencrypt.conf
#let's encrypt global dir
Alias /.well-known/acme-challenge/ /srv/www/global-domain.tld/htdocs/.well-known/acme-challenge/
<Directory "/srv/www/xxx.de/htdocs/.well-known">
Order allow,deny
Allow from all
</Directory>
<IfModule mod_headers.c>
<LocationMatch "/.well-known/acme-challenge/*">
Header set Content-Type "text/plain"
</LocationMatch>
</IfModule>
Create certificate via webroot (recommended)
umask 022
./letsencrypt-auto certonly --webroot-path /srv/www/global-domain.tld/htdocs/ -d domain.tld -d www.domain.tld
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will
expire on 2016-02-17. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Create certificate manuell
cd ~/letsencrypt
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld
Make sure your web server displays the following content at
http://www.domain.tld/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing:
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg
with another shell under /srv/www/xxx/htdocs
umask 022
printf "%s" a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg > .well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY
Press ENTER to continue
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/tld.com/fullchain.pem. Your cert will
expire on 2016-02-05. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
Apache ssl
SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/tld.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem