This shows you the differences between two versions of the page.
linux:certbot [2017/05/09 14:48] admin |
linux:certbot [2017/10/19 17:20] (current) admin |
||
---|---|---|---|
Line 13: | Line 13: | ||
</code> | </code> | ||
to your **sources.list** (or add a new file with the ".list" extension to /etc/apt/sources.list.d/) | to your **sources.list** (or add a new file with the ".list" extension to /etc/apt/sources.list.d/) | ||
+ | |||
Then do: | Then do: | ||
+ | |||
<code bash> | <code bash> | ||
$ sudo apt-get install python-certbot-apache -t jessie-backports | $ sudo apt-get install python-certbot-apache -t jessie-backports | ||
Line 29: | Line 31: | ||
$ certbot --apache certonly | $ certbot --apache certonly | ||
</code> | </code> | ||
- | <note important>Note: | + | <note important> |
+ | **__Note__** | ||
the apache plugin with **certonly** does the following: | the apache plugin with **certonly** does the following: | ||
* make temporary config changes (adding a new vhost to pass an ACME Challenge, and enabling mod_ssl if necessary) | * make temporary config changes (adding a new vhost to pass an ACME Challenge, and enabling mod_ssl if necessary) | ||
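Review bot: On the changed `<note important>` line, the new `**__Note__**` label repeats what the note box already signals, and with the colon gone the next line ("the apache plugin with **certonly** does the following:") now starts in lowercase directly under a bold, underlined label. Either drop the label and capitalise "The apache plugin", or keep the original `Note:` lead-in.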
Line 37: | Line 41: | ||
This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. | This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. | ||
To learn more about how to use Certbot read our documentation.</note> | To learn more about how to use Certbot read our documentation.</note> | ||
+ | |||
+ | We can now run Certbot to get our certificate. We'll use the --standalone option to tell Certbot to handle the challenge using its own built-in web server. The --preferred-challenges option instructs Certbot to use port 80 or port 443. If you're using port 80, you want --preferred-challenges http. For port 443 it would be --preferred-challenges tls-sni. Finally, the -d flag is used to specify the domain you're requesting a certificate for. You can add multiple -d options to cover multiple domains in one certificate. | ||
+ | |||
+ | <code bash> | ||
+ | sudo certbot certonly --standalone --preferred-challenges http -d example.com | ||
+ | </code> | ||
+ | |||
+ | In our case : | ||
+ | |||
+ | <code bash> | ||
+ | sudo certbot certonly --standalone -d example.com | ||
+ | </code> | ||
+ | |||
+ | |||
===== Automating renewal ===== | ===== Automating renewal ===== | ||
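Review bot: The added `--standalone` paragraph does not say that Certbot's built-in web server has to bind port 80 (or 443) itself, while the rest of the page assumes Apache is running on this host (the earlier command is `certbot --apache certonly`, and the note just above talks about Certbot touching "your Apache process"). A reader who runs the new command with Apache still listening will get a port-bind failure, so either state that the web server must be stopped for the duration of the challenge, or point to the webroot plugin the note already recommends. The "In our case" command also drops `--preferred-challenges http` without saying which challenge is then used; explain why the two commands differ or keep only one. Minor style point: the new code blocks omit the `$ ` prompt that the existing blocks use.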