Letsencrypt

From Blue-IT.org Wiki

Revision as of 11:59, 3 February 2016 by Apos (talk | contribs) (Troubleshooting)

Valid certs for your webserver

HowTos

* https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 [EN]
* https://thomas-leister.de/internet/anleitung-fuer-lets-encrypt-kostenlose-tls-zertifikate-fuer-alle/ [GER]

Chaos Communication Congress, Hamburg, 12/2015 (in English), talk on letsencrypt:

* https://events.ccc.de/congress/2015/ents/7528.html [EN]

Troubleshooting

!!! NEVER EVER DELETE THE /ETC CONFIG DIRECTORY AFTER AN INITIAL RUN !!!

!!! DON'T DO !!! #>  rm -rf /etc/letsencrypt

You'll have to wait a full week to repeat the whole registration process!

More on this:

Renewal

I am using the le-renew script mentioned in the article on DigitalOcean above and a crontab entry:
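As an added example (not code from this wiki page, and not the DigitalOcean le-renew script or the crontab entry it refers to), the following POSIX shell helper does what a cron-driven renewal needs: it reads the notAfter date of the live certificate, renews only when fewer than a threshold of days remain, and takes a tarball snapshot of /etc/letsencrypt before invoking the client, which is the safeguard the Troubleshooting warning above asks for. The backup path /var/backups/letsencrypt, the 30-day threshold and the /opt/letsencrypt checkout location are assumptions; the date conversion relies on GNU date -d.

```shell
#!/bin/sh
# Added example, not the wiki's own script: renew a Let's Encrypt certificate
# only when it is close to expiry, and back up /etc/letsencrypt first.
set -u

RENEW_BEFORE_DAYS=30                     # assumed threshold: renew below this
LE_CONFIG_DIR="/etc/letsencrypt"          # account keys and certs live here
BACKUP_DIR="/var/backups/letsencrypt"    # assumed backup location
LE_CLIENT="/opt/letsencrypt/letsencrypt-auto"   # assumed checkout path

# Whole days between two epoch timestamps (truncates toward zero; negative
# once the certificate has already expired).
days_left() {
    local now="$1" expiry="$2"
    echo $(( (expiry - now) / 86400 ))
}

# Succeeds (exit 0) when fewer than $3 days remain, fails (exit 1) otherwise.
needs_renewal() {
    local now="$1" expiry="$2" threshold="$3"
    [ "$(days_left "$now" "$expiry")" -lt "$threshold" ]
}

# Read "notAfter=Mar 10 12:00:00 2016 GMT" from a PEM certificate and convert
# it to epoch seconds. Requires GNU date (-d); fails if the file is unreadable.
cert_expiry_epoch() {
    local cert="$1" not_after
    not_after=$(openssl x509 -noout -enddate -in "$cert" | cut -d= -f2) || return 1
    [ -n "$not_after" ] || return 1
    date -u -d "$not_after" +%s
}

# Snapshot the whole config directory (accounts, keys, certs) so that a failed
# renewal or a later reinstall never costs the registration again.
backup_config() {
    mkdir -p "$BACKUP_DIR"
    tar -czf "$BACKUP_DIR/letsencrypt-$(date +%F-%H%M%S).tar.gz" \
        -C / "${LE_CONFIG_DIR#/}"
}

main() {
    local domain="$1"
    local cert="$LE_CONFIG_DIR/live/$domain/cert.pem"
    local expiry now left
    expiry=$(cert_expiry_epoch "$cert") || { echo "cannot read $cert" >&2; exit 2; }
    now=$(date +%s)
    left=$(days_left "$now" "$expiry")
    if needs_renewal "$now" "$expiry" "$RENEW_BEFORE_DAYS"; then
        echo "$domain: $left days left, renewing"
        backup_config
        "$LE_CLIENT" certonly --apache --renew-by-default -d "$domain"
    else
        echo "$domain: $left days left, nothing to do"
    fi
}

# Only act when a domain is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

A weekly crontab entry that calls this script with the domain as its only argument is enough: on most weeks it exits after printing the remaining days, and the renewal (preceded by the backup) happens once the threshold is crossed.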

Wrapper script

A simple wrapper script (mainly for the renewal of the domains):

#!/bin/bash

# Analyse the status
# https://www.ssllabs.com/ssltest/analyze.html?d=blue-it.org

# DON'T CHANGE (changing it requires reconfiguring the virtual servers)
# Arrays are used so that each "-d domain" pair is passed to letsencrypt-auto
# as separate arguments; a quoted string would arrive as one argument.
BASE_DOMAIN=(-d blue-it.org)
CIPHER_STRENGTH=(--rsa-key-size 4096)
# Placeholder domain names, replace them with your own
DOMAIN_LIST=(-d domain \
             -d other.domain -d www.other.domain)

#####################################
LETSENCRYPT_DIR="/opt/letsencrypt"
#LETSENCRYPT_BIN="/root/.local/share/letsencrypt/bin"
# Abort instead of running git or letsencrypt-auto in the wrong directory
cd "${LETSENCRYPT_DIR}" || { echo "${LETSENCRYPT_DIR} not found" >&2; exit 1; }
pwd


if [[ "${1:-}" == "--reinstall" ]]
then
    read -p "Sind Sie sicher, dass Sie letsencrypt neu installieren wollen? (y/n) " -n 1 -r
    echo    # move to a new line after the single-character answer
    if [[ ! $REPLY =~ ^[Yy]$ ]]
    then
        echo "OK, Vorgang abgebrochen."
        exit 1
    fi

    #####################################
    # COMPLETE REINSTALL: move the old checkout aside instead of deleting it
    mkdir -p "/opt/$(date +%F)/"
    mv "${LETSENCRYPT_DIR}" "/opt/$(date +%F)"
    #rm -rf "${LETSENCRYPT_DIR}"

    #rm -rf /root/.local/share/letsencrypt
    # !!! NEVER EVER !!! DELETE THIS DIRECTORY AFTER AN INITIAL RUN !!!
    #rm -rf /etc/letsencrypt

    #mkdir -p "${LETSENCRYPT_DIR}"
    #git clone https://github.com/letsencrypt/letsencrypt "${LETSENCRYPT_DIR}"

    echo "Now run the script without a parameter to invoke letsencrypt and install your certs."

elif [[ "${1:-}" == "--update" ]]
then
    #####################################
    # UPDATE the client checkout
    git pull

elif [[ "${1:-}" == "--renew" ]]
then
    #####################################
    # RENEWAL
    service apache2 stop

    #./letsencrypt-auto certonly --apache "${CIPHER_STRENGTH[@]}" --renew-by-default \
    ./letsencrypt-auto certonly --apache --renew-by-default \
        "${BASE_DOMAIN[@]}" \
        "${DOMAIN_LIST[@]}"
    service apache2 start

else
    #####################################
    # NEW ENVIRONMENT: first run, obtain the certs and install them into apache
    service apache2 stop

    #./letsencrypt-auto certonly --apache "${CIPHER_STRENGTH[@]}" \
    #./letsencrypt-auto certonly --apache \
    ./letsencrypt-auto --apache \
        "${BASE_DOMAIN[@]}" \
        "${DOMAIN_LIST[@]}"
    service apache2 start

fi