User Tools
web_services:letsencrypt
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
web_services:letsencrypt [2015/12/07 13:32] tschulz [Getting Your first Certificate] |
web_services:letsencrypt [2015/12/07 13:54] (current) tschulz |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| - The entire process is done through the command line/curses client on the server running the web server | - The entire process is done through the command line/curses client on the server running the web server | ||
| - On Ubuntu I had to install the certificates manually | - On Ubuntu I had to install the certificates manually | ||
| + | - Currently you can only have 5 certs for every domain per 7 day window | ||
| ===== Install LetsEncrypt client ===== | ===== Install LetsEncrypt client ===== | ||
| Line 18: | Line 19: | ||
| - To use webroot verification use the following arguments<file>--webroot --webroot-path /var/www/html</file>replace **/var/www/html** with your document/web root | - To use webroot verification use the following arguments<file>--webroot --webroot-path /var/www/html</file>replace **/var/www/html** with your document/web root | ||
| - Finally add the following for manual certificate installation<file>certonly</file> | - Finally add the following for manual certificate installation<file>certonly</file> | ||
| + | - Here is an example command <file>letsencrypt-auto certonly --standalone-supported-challenges http-01 --webroot-path /var/www/ --webroot</file> | ||
| + | - You will be asked for a email address and a domain name in the curses interface enter them and if all goes well you should get a certificate file. | ||
| + | - If successful you will see four files (**cert.pem,chain.pem,fullchain.pem,privkey.pem**) in **/etc/letsencrypt/live/<FQDN>/** | ||
| + | - Consult the certificate file matrix below on how to use the certificate files. | ||
| + | |||
| + | ==== Certificate File Matrix ==== | ||
| + | ^Apache HTTPS Directive^LetsEncrypt File^Description^ | ||
| + | |SSLCertificateKeyFile|privkey.pem|Private key for the certificate.| | ||
| + | |SSLCertificateFile|cert.pem|Server certificate only.| | ||
| + | |SSLCertificateChainFile|chain.pem|All certificates that need to be served by the browser excluding server certificate, i.e. root and intermediate certificates only.| | ||
| + | |--|fullchain.pem|This is what nginx needs for ssl_certificate.| | ||
| + | |||
| + | --- //[[tschulz@sebeka.k12.mn.us|Thad Schulz]] 2015/12/07 13:54// | ||
web_services/letsencrypt.1449516776.txt.gz · Last modified: 2015/12/07 13:32 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
