Letsencrypt.org

Aus crazylinux.de
Zur Navigation springen Zur Suche springen

Let’s Encrypt is a free, automated, and open certificate authority https://letsencrypt.org/

Config

/etc/letsencrypt/cli.ini 

#use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

server = https://acme-v01.api.letsencrypt.org/directory

email = xxx@yyy.com

authenticator = webroot 
#manual

agree-dev-preview = True
agree-tos = True


Apache config

#/etc/apache2/conf.d/letsencrypt.conf
        #let's encrypt global dir
        Alias /.well-known/acme-challenge/ /srv/www/global-domain.tld/htdocs/.well-known/acme-challenge/

        <Directory "/srv/www/xxx.de/htdocs/.well-known">
                Order allow,deny
                Allow from all
        </Directory>

        <IfModule mod_headers.c>
          <LocationMatch "/.well-known/acme-challenge/*">
              Header set Content-Type "text/plain"
          </LocationMatch>
         </IfModule>

Create certificate via webroot (recommended)

umask 022
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will
   expire on 2016-02-17. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.

Create certificate manuell

cd ~/letsencrypt
./letsencrypt-auto certonly -d domain.tld -d www.domain.tld

Make sure your web server displays the following content at
http://www.domain.tld/.well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY before continuing:
a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg

with another shell under /srv/www/xxx/htdocs
umask 022
printf "%s" a9q3mxxxxWo-W9ihRohAuoxxxxLeppj8qZj07JvRRAqRB4qSFg > .well-known/acme-challenge/a9q3mxxxxxxxZqxPKlKKI8KY

Press ENTER to continue

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/tld.com/fullchain.pem. Your cert will
   expire on 2016-02-05. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.

Apache ssl

SSLCertificateFile /etc/letsencrypt/live/tld.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/tld.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tld.com/privkey.pem

Links

Abgerufen von „https://crazylinux.de/?title=Letsencrypt.org&oldid=4577