This shows you the differences between two versions of the page.
letsencrypt [2016/04/27 11:02] k2patel |
letsencrypt [2018/09/25 14:44] k2patel |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Letsencrypt ====== | + | ====== Letsencrypt | Certbot ====== |
+ | Now they renamed it from Letsencrypt to Certbot.\\ | ||
+ | Working on script to reflect the change but i have to make sure it does not change | Break all required dependencies.\\ | ||
Great thing happen securing internet servers, And it's Free.\\ | Great thing happen securing internet servers, And it's Free.\\ | ||
But there is catch, You have to renew your certificated Often.\\ | But there is catch, You have to renew your certificated Often.\\ | ||
Since they provided tool to do so, i don't think there is problem at all.\\ | Since they provided tool to do so, i don't think there is problem at all.\\ | ||
+ | |||
+ | One thing, i've noticed that on AWS, some how authentication using the webroot method fails.\\ | ||
+ | So i had to use http method, which works perfectly fine.\\ | ||
+ | But, renewal works without any issue using webroot.\\ | ||
First install command line API tool. | First install command line API tool. | ||
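Review bot: the added AWS note ("So i had to use http method, which works perfectly fine.") does not name the option or plugin that "http method" refers to, so the workaround cannot be reproduced from this page. State the exact command-line option used for the first issuance, next to the webroot one that is used for renewal. The rename line would also be more precise if it said that the client tool was renamed to Certbot, while the certificate authority is still called Let's Encrypt.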
Line 20: | Line 26: | ||
<code ini sample_config> | <code ini sample_config> | ||
# Domain which you are trying to get certificate for; | # Domain which you are trying to get certificate for; | ||
+ | # multiple domain like aliases can be saperated by comma | ||
+ | # e.g. domains = wiki.k2patel.in, dokuwiki.k2patel.in | ||
domains = wiki.k2patel.in | domains = wiki.k2patel.in | ||
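Review bot: the new comment above `domains =` has a typo ("saperated" should be "separated") and does not say which name the certificate directory is taken from when several domains are listed. Certbot by default names the directory under /etc/letsencrypt/live/ after the first domain given, so it is worth adding that the first entry determines the path the SSL configuration has to reference. The example here uses wiki.k2patel.in while the SSL snippets added further down use fqdn.testdomain.com; one placeholder throughout would make that link obvious.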
Line 52: | Line 60: | ||
</code> | </code> | ||
+ | |||
+ | SSL Configuration | ||
+ | <code conf ssl.conf> | ||
+ | ssl on; | ||
+ | ssl_certificate_key /etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem; | ||
+ | ssl_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem; | ||
+ | ssl_trusted_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem; | ||
+ | </code> | ||
+ | ==== Apache Configuration ==== | ||
+ | So each domain only need to redirect to HTTPS if URL requested is from acme. | ||
+ | |||
+ | <code conf domain.conf> | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302] | ||
+ | </code> | ||
+ | |||
+ | |||
+ | SSL configuration | ||
+ | <code conf ssl.conf> | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile "/etc/letsencrypt/live/fqdn.testdomain.com/cert.pem" | ||
+ | SSLCertificateKeyFile "/etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem" | ||
+ | SSLCACertificatePath "/etc/letsencrypt/live/fqdn.testdomain.com/" | ||
+ | SSLCertificateChainFile "/etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem" | ||
+ | </code> | ||
==== Cron setup ==== | ==== Cron setup ==== | ||
Now i have script which run every 11 week. | Now i have script which run every 11 week. |
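Review bot: in the Apache ssl.conf block, `SSLCACertificatePath "/etc/letsencrypt/live/fqdn.testdomain.com/"` should be dropped: that directive names a hashed directory of CA certificates used to verify client certificates, not the server's own chain, and this directory also holds privkey.pem. In the same block `SSLCertificateChainFile` is given fullchain.pem, which already begins with the same certificate as cert.pem; chain.pem is the file that holds only the intermediates, or on Apache 2.4.8 and later `SSLCertificateFile` can point at fullchain.pem and the chain directive can be omitted. The sentence above the rewrite rules says the redirect happens "if URL requested is from acme", but the `!^/.well-known/acme-challenge` condition does the opposite (everything except the challenge path is redirected), so the text should be reworded, and the dot in that pattern should be escaped. In the nginx block, `ssl on;` is deprecated since nginx 1.15.0 in favour of the `ssl` parameter on `listen`, and `ssl_trusted_certificate` would normally point at chain.pem rather than fullchain.pem.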