Difference between revisions of "Letsentcrypt"
From Blue-IT.org Wiki
(→Valid certs for your webserver) |
(→Troubelshooting) |
||
Line 10: | Line 10: | ||
* https://events.ccc.de/congress/2015/ents/7528.html [EN] | * https://events.ccc.de/congress/2015/ents/7528.html [EN] | ||
− | == | + | == Troubleshooting == |
'''!!! NEVER EVER DELETE THE /ETC CONIFG DIRECTORY AFTER AN INITIAL RUN !!!''' | '''!!! NEVER EVER DELETE THE /ETC CONIFG DIRECTORY AFTER AN INITIAL RUN !!!''' |
Revision as of 11:59, 3 February 2016
Valid certs for your webserver
HowTos
* https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 [EN] * https://thomas-leister.de/internet/anleitung-fuer-lets-encrypt-kostenlose-tls-zertifikate-fuer-alle/ [GER]
Chaos Commuication Congress HH 12/2015 (englisch) Vortrag zum Thema letsencrypt:
* https://events.ccc.de/congress/2015/ents/7528.html [EN]
Troubleshooting
!!! NEVER EVER DELETE THE /ETC CONIFG DIRECTORY AFTER AN INITIAL RUN !!!
!!! DONT DO !!! #> rm -rf /etc/letsencrypt
You'll have to wait a full week to repeat the whole registration process!
Reneval
I am using the le-renew script mentioned in the article on digital ocean above and a crontab entry:
Wrapper script
A simple wrapper script (mainly for the domains reneval):
#!/bin/bash # Analyse the status # https://www.ssllabs.com/ssltest/analyze.html?d=blue-it.org # DON'T CHANGE (needs reconfiguring configuration of virtual servers BASE_DOMAIN="-d blue-it.org " CIPHER_STRENGTH=" --rsa-key-size 4096 " DOMAIN_LIST="-d domaion \ -d other.domain -d www.other.domain" ##################################### LETSENCRYPT_DIR="/opt/letsencrypt" #LETSENCRYPT_BIN="/root/.local/share/letsencrypt/bin" [ -d ${LETSENCRYPT_DIR} ] && cd ${LETSENCRYPT_DIR} pwd if [ "${1}" == "--reinstall" ] then read -p "Sind sie sicher, das die letsencrypt neu installieren wollen? (y/n) " -n 1 -r echo # (optional) move to a new line if [[ ! $REPLY =~ ^[Yy]$ ]] then echo "OK, Vorgang abgebrochen." exit 1 fi ##################################### #COMPLETE REINSTALL mkdir "/opt/$(date +%F)/" mv "${LETSENCRYPT_DIR}" "/opt/$(date +%F)" #rm -rf "${LETSENCRYPT_DIR}" #rm -rf /root/.local/share/letsencrypt
# !!! NEVER EVER !!! DELETE THIS DIRECTORY AFTER AN INITIAL RUN !!! #rm -rf /etc/letsencrypt #mkdir -p "${LETSENCRYPT_DIR}" #git clone https://github.com/letsencrypt/letsencrypt "${LETSENCRYPT_DIR}" echo "Now run the script without a parameter to invoke letsencrypt and install your certs." elif [ "${1}" == "--update" ] then ##################################### # UPDATE git pull elif [ "${1}" == "--renew" ] then ##################################### # RENEVAL
service apache2 stop #./letsencrypt-auto certonly --apache ${CIPHER_STRENGTH} --renew-by-default \ ./letsencrypt-auto certonly --apache --renew-by-default \ "${BASE_DOMAIN}" \ "${DOMAIN_LIST}"
service apache2 start else ##################################### # NEW ENVIRONMENT INCLUDING
service apache2 stop #./letsencrypt-auto certonly --apache ${CIPHER_STRENGTH} \ #./letsencrypt-auto certonly --apache \ ./letsencrypt-auto --apache \ "${BASE_DOMAIN}" \ "${DOMAIN_LIST}"
service apache2 start fi