Difference between revisions of "Letsentcrypt"

From Blue-IT.org Wiki

(Troubelshooting)
(Renewal)
 
(4 intermediate revisions by the same user not shown)
Line 20: Line 20:
 
* https://community.letsencrypt.org/t/errors-after-deleting-etc-letsencrypt-live-oserror-errno-22-invalid-argument/3117
 
* https://community.letsencrypt.org/t/errors-after-deleting-etc-letsencrypt-live-oserror-errno-22-invalid-argument/3117
  
== Reneval ==
+
== Renewal ==
I am using the le-renew script mentioned in the article on digital ocean above and a crontab entry:
+
Not necessary any more due to certbot-auto.
 
 
* https://gist.github.com/erikaheidi/4d579acf553297da0fa1
 
  
 
== Wrapper script ==
 
== Wrapper script ==
  
A simple wrapper script (mainly for the domains reneval):
+
DELETED - not necessary any more due to certbot-auto
 
 
#!/bin/bash
 
 
# Analyse the status
 
# https://www.ssllabs.com/ssltest/analyze.html?d=blue-it.org
 
 
# DON'T CHANGE (needs reconfiguring configuration of virtual servers
 
BASE_DOMAIN="-d blue-it.org "
 
CIPHER_STRENGTH=" --rsa-key-size 4096 "
 
DOMAIN_LIST="-d domaion \
 
-d other.domain -d www.other.domain"
 
 
#####################################
 
LETSENCRYPT_DIR="/opt/letsencrypt"
 
#LETSENCRYPT_BIN="/root/.local/share/letsencrypt/bin"
 
[ -d ${LETSENCRYPT_DIR} ] && cd ${LETSENCRYPT_DIR}
 
pwd
 
 
 
if [ "${1}" == "--reinstall" ]
 
then
 
 
read -p "Sind sie sicher, das die letsencrypt neu installieren wollen? (y/n) " -n 1 -r
 
echo    # (optional) move to a new line
 
if [[ ! $REPLY =~ ^[Yy]$ ]]
 
then
 
    echo "OK, Vorgang abgebrochen."
 
exit 1
 
fi
 
 
#####################################
 
#COMPLETE REINSTALL
 
 
mkdir "/opt/$(date +%F)/"
 
mv "${LETSENCRYPT_DIR}" "/opt/$(date +%F)"
 
#rm -rf "${LETSENCRYPT_DIR}"
 
 
#rm -rf /root/.local/share/letsencrypt
 
 
 
# !!! NEVER EVER !!! DELETE THIS DIRECTORY AFTER AN INITIAL RUN !!!
 
#rm -rf /etc/letsencrypt
 
 
 
#mkdir -p "${LETSENCRYPT_DIR}"
 
#git clone https://github.com/letsencrypt/letsencrypt "${LETSENCRYPT_DIR}"
 
 
echo "Now run the script without a parameter to invoke letsencrypt and install your certs."
 
 
elif [ "${1}" == "--update" ]
 
then
 
#####################################
 
# UPDATE
 
git pull
 
 
elif [ "${1}" == "--renew" ]
 
then
 
 
#####################################
 
# RENEVAL
 
 
 
service apache2 stop
 
 
#./letsencrypt-auto certonly --apache ${CIPHER_STRENGTH} --renew-by-default \
 
./letsencrypt-auto certonly --apache  --renew-by-default \
 
"${BASE_DOMAIN}" \
 
"${DOMAIN_LIST}"
 
 
 
service apache2 start
 
 
 
else
 
 
#####################################
 
# NEW ENVIRONMENT INCLUDING
 
 
 
service apache2 stop
 
 
#./letsencrypt-auto certonly --apache ${CIPHER_STRENGTH} \
 
#./letsencrypt-auto certonly --apache \
 
./letsencrypt-auto --apache \
 
"${BASE_DOMAIN}" \
 
"${DOMAIN_LIST}"
 
 
 
service apache2 start
 
 
fi
 

Latest revision as of 18:42, 19 September 2017

Valid certs for your webserver

HowTos 

* https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 [EN]
* https://thomas-leister.de/internet/anleitung-fuer-lets-encrypt-kostenlose-tls-zertifikate-fuer-alle/ [GER]

Chaos Commuication Congress HH 12/2015 (englisch) Vortrag zum Thema letsencrypt: 

* https://events.ccc.de/congress/2015/ents/7528.html [EN]

Troubleshooting

!!! NEVER EVER DELETE THE /ETC CONIFG DIRECTORY AFTER AN INITIAL RUN !!! 

!!! DONT DO !!! #>  rm -rf /etc/letsencrypt

You'll have to wait a full week to repeat the whole registration process!

More on this:

Renewal

Not necessary any more due to certbot-auto.

Wrapper script

DELETED - not necessary any more due to certbot-auto

Retrieved from "https://wiki.blue-it.org/index.php?title=Letsentcrypt&oldid=6427"