This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
web_services:letsencrypt [2015/12/07 13:42] tschulz [Getting Your first Certificate] |
web_services:letsencrypt [2015/12/07 13:48] tschulz [LetsEncyrpt on Ubuntu] |
||
---|---|---|---|
Line 5: | Line 5: | ||
- The entire process is done through the command line/curses client on the server running the web server | - The entire process is done through the command line/curses client on the server running the web server | ||
- On Ubuntu I had to install the certificates manually | - On Ubuntu I had to install the certificates manually | ||
+ | - Currently you can only have 5 certs for every domain per 7 day window | ||
===== Install LetsEncrypt client ===== | ===== Install LetsEncrypt client ===== | ||
Line 21: | Line 22: | ||
- You will be asked for a email address and a domain name in the curses interface enter them and if all goes well you should get a certificate file. | - You will be asked for a email address and a domain name in the curses interface enter them and if all goes well you should get a certificate file. | ||
- If successful you will see four files (**cert.pem,chain.pem,fullchain.pem,privkey.pem**) in **/etc/letsencrypt/live/<FQDN>/** | - If successful you will see four files (**cert.pem,chain.pem,fullchain.pem,privkey.pem**) in **/etc/letsencrypt/live/<FQDN>/** | ||
+ | - Consult the certificate file matrix below on how to use the certificate files. | ||
- | ^Apache HTTPS Directive^LetsEncrypt File^ | + | ==== Certificate File Matrix ==== |
- | |SSLCertificateKeyFile|privkey.pem| | + | ^Apache HTTPS Directive^LetsEncrypt File^Description^ |
- | |SSLCertificateFile|cert.pem| | + | |SSLCertificateKeyFile|privkey.pem|Private key for the certificate.| |
- | |SSLCertificateChainFile|chain.pem| | + | |SSLCertificateFile|cert.pem|Server certificate only.| |
- | |--|fullchain.pem| | + | |SSLCertificateChainFile|chain.pem|All certificates that need to be served by the browser excluding server certificate, i.e. root and intermediate certificates only.| |
+ | |--|fullchain.pem|This is what nginx needs for ssl_certificate.| |