User Tools
linux:certbot
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
linux:certbot [2017/05/09 14:44] admin created |
linux:certbot [2017/10/19 17:20] (current) admin |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages. | Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages. | ||
| - | First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do: | + | First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. |
| + | |||
| + | For jessie add this line | ||
| + | <code bash> | ||
| + | deb http://ftp.debian.org/debian jessie-backports main | ||
| + | </code> | ||
| + | to your **sources.list** (or add a new file with the ".list" extension to /etc/apt/sources.list.d/) | ||
| + | |||
| + | Then do: | ||
| <code bash> | <code bash> | ||
| Line 23: | Line 31: | ||
| $ certbot --apache certonly | $ certbot --apache certonly | ||
| </code> | </code> | ||
| - | Note: | + | <note important> |
| + | **__Note__** | ||
| the apache plugin with **certonly** does the following: | the apache plugin with **certonly** does the following: | ||
| - | make temporary config changes | + | * make temporary config changes (adding a new vhost to pass an ACME Challenge, and enabling mod_ssl if necessary) |
| - | (adding a new vhost to pass an ACME Challenge, and enabling mod_ssl if necessary) | + | * performs a graceful reload |
| - | performs a graceful reload | + | * reverts all changes |
| - | reverts all changes | + | * performs another graceful reload |
| - | performs another graceful reload | + | |
| This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. | This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. | ||
| - | To learn more about how to use Certbot read our documentation. | + | To learn more about how to use Certbot read our documentation.</note> |
| + | |||
| + | We can now run Certbot to get our certificate. We'll use the --standalone option to tell Certbot to handle the challenge using its own built-in web server. The --preferred-challenges option instructs Certbot to use port 80 or port 443. If you're using port 80, you want --preferred-challenges http. For port 443 it would be --preferred-challenges tls-sni. Finally, the -d flag is used to specify the domain you're requesting a certificate for. You can add multiple -d options to cover multiple domains in one certificate. | ||
| + | |||
| + | <code bash> | ||
| + | sudo certbot certonly --standalone --preferred-challenges http -d example.com | ||
| + | </code> | ||
| + | |||
| + | In our case : | ||
| + | |||
| + | <code bash> | ||
| + | sudo certbot certonly --standalone -d example.com | ||
| + | </code> | ||
| + | |||
| ===== Automating renewal ===== | ===== Automating renewal ===== | ||
linux/certbot.1494333862.txt.gz · Last modified: 2017/05/09 14:44 by admin
Page Tools
