User Tools
Sidebar
linux:certbot
This is an old revision of the document!
Table of Contents
CertBot Certificate
Install
Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.
First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so.
For jessie add this line
deb http://ftp.debian.org/debian jessie-backports main
to your sources.list (or add a new file with the “.list” extension to /etc/apt/sources.list.d/) Then do:
$ sudo apt-get install python-certbot-apache -t jessie-backports
Get Started
Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:
$ certbot --apache
Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:
$ certbot --apache certonly
Note:
the apache plugin with certonly does the following:
- make temporary config changes (adding a new vhost to pass an ACME Challenge, and enabling mod_ssl if necessary)
- performs a graceful reload
- reverts all changes
- performs another graceful reload
This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. To learn more about how to use Certbot read our documentation.
Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
certbot renew --dry-run
linux/certbot.1494334131.txt.gz · Last modified: 2017/05/09 14:48 by admin
