Let's Encrypt
ACME client
Install
git clone https://github.com/letsencrypt/letsencrypt
Update
git pull origin
Obtain certificates (save only)
If necessary, stop the web server beforehand, because verification uses port 80, and start it again afterwards.
cd letsencrypt
./letsencrypt-auto certonly --rsa-key-size 4096 -d ho2e.de -d www.ho2e.de
Obtain certificates and automatically generate the Apache configuration
cd letsencrypt
./letsencrypt-auto --rsa-key-size 4096 -d fahrrad-wiki.org -d www.fahrrad-wiki.org
Obtain certificates in manual mode
./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d www.ho2e.de -d ho2e.de
In the process, create the challenge file in the webroot (example; "Datei" stands for the file name and "Inhalt" for its content):
mkdir -p .well-known/acme-challenge
cd .well-known/acme-challenge/
echo -n "Inhalt" > Datei
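The manual step above as a reusable shell function, added here as an example and not part of the original page or of the Let's Encrypt client: it writes the challenge content byte for byte and rejects tokens that are not plain file names. The function name place_challenge and the token and content values in the demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example: place an ACME http-01 challenge file under a webroot.
# place_challenge and its three arguments are names chosen for this example.

place_challenge() {
    webroot=$1 token=$2 content=$3
    dir="$webroot/.well-known/acme-challenge"

    # The webroot must already exist; a typo should not create a new tree.
    [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; return 2; }

    # The token becomes a file name. Allow only the base64url alphabet so
    # that values such as "../x" or "a/b" cannot write outside $dir.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 3 ;;
    esac

    mkdir -p "$dir" || return 4

    # printf '%s' writes the content without a trailing newline;
    # "echo -n" is not portable across shells. umask 022 keeps the file
    # readable by the web server user.
    ( umask 022; printf '%s' "$content" > "$dir/$token" ) || return 5

    # Byte-exact read-back check of what the web server will serve.
    printf '%s' "$content" | cmp -s - "$dir/$token" || return 6

    printf '%s\n' "$dir/$token"
}

# Demo with constructed values (not a real token), in a throwaway directory.
demo=$(mktemp -d)
place_challenge "$demo" "constructed-token_123" \
    "constructed-token_123.constructed-thumbprint"
rm -rf "$demo"
```

Remove the challenge file again once the client reports that validation has finished.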
Use a configuration file
./letsencrypt-auto --config /etc/letsencrypt/cli.ini
cli.ini
# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Uncomment and update to register with the specified e-mail address
email = me@localhost

# Uncomment and update to generate certificates for the specified
# domains.
domains = local.localdomain

# Uncomment to use a text interface instead of ncurses
# text = True

# Uncomment to use the standalone authenticator on port 443
authenticator = standalone
standalone-supported-challenges = tls-sni-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
Renew automatically (no prompt)
--renew-by-default
./letsencrypt-auto certonly --renew-by-default --config /etc/letsencrypt/cli.ini
Install certificates (manually)
nginx
ssl_certificate /etc/letsencrypt/live/ho2e.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ho2e.de/privkey.pem;
apache
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ho2e.de/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/ho2e.de/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ho2e.de/privkey.pem
As of Apache 2.4.8:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ho2e.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ho2e.de/privkey.pem
