Differences

This shows you the differences between two versions of the page.

--- letsencrypt [2016/05/09 21:28] – [Letsencrypt] k2patel
+++ letsencrypt [2020/08/10 02:35] (current) – external edit 127.0.0.1
@@ Line 6: / Line 6: @@
 But there is catch, You have to renew your certificated Often.\\
 Since they provided tool to do so, i don't think there is problem at all.\\
+One thing, i've noticed that on AWS, some how authentication using the webroot method fails.\\
+So i had to use http method, which works perfectly fine.\\
+But, renewal works without any issue using webroot.\\
 First install command line API tool.
@@ Line 22: / Line 26: @@
 <code ini sample_config>
 # Domain which you are trying to get certificate for;
+# multiple domain like aliases can be saperated by comma
+# e.g. domains = wiki.k2patel.in, dokuwiki.k2patel.in
 domains = wiki.k2patel.in
@@ Line 54: / Line 60: @@
 </code>
+SSL Configuration
+<code conf ssl.conf>
+    ssl on;
+    ssl_certificate_key /etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem;
+</code>
+==== Apache Configuration ====
+So each domain only need to redirect to HTTPS if URL requested is from acme.
+<code conf domain.conf>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+        RewriteCond %{HTTPS} off
+        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
+</code>
+SSL configuration
+<code conf ssl.conf>
+        SSLEngine on
+        SSLCertificateFile      "/etc/letsencrypt/live/fqdn.testdomain.com/cert.pem"
+        SSLCertificateKeyFile   "/etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem"
+        SSLCACertificatePath    "/etc/letsencrypt/live/fqdn.testdomain.com/"
+        SSLCertificateChainFile "/etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem"
+</code>
 ==== Cron setup ====
 Now i have script which run every 11 week.