IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions
Access restrictions were established for this page. If you see this message, you have no access to this page.
Walttheboss (talk | contribs) No edit summary |
Walttheboss (talk | contribs) |
||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
* This is a wonderful tool to install and manage SSL certificates on servers. | *This is a wonderful tool to install and manage SSL certificates on servers. | ||
==Background== | |||
*certbot is a tool that manages Lets Encrypt certificates. | |||
**Get it from from [https://certbot.eff.org/docs/ here]. | |||
**Their documentation is really well done. | |||
*Know what version you are on | |||
<code>apt-cache policy certbot | grep -i Installed</code> | <code>apt-cache policy certbot | grep -i Installed</code> | ||
* <code>sudo add-apt-repository ppa:certbot/certbot</code> | ==Install== | ||
*You can install from the package maintaners version from 18.04 and on | |||
**Full instructions are [https://certbot.eff.org/lets-encrypt/ubuntubionic-apache here] | |||
*I recommend the ppa version | |||
**[https://launchpad.net/~certbot/+archive/ubuntu/certbot?field.series_filter Certbot PPA=] | |||
<code>sudo add-apt-repository ppa:certbot/certbot</code> | |||
<br> | |||
<code>sudo apt-get update</code> | |||
<br> | |||
<code>sudo apt-get install certbot python-certbot-apache</code> | |||
===Use=== | |||
*Basic installation of a certificate on apache | |||
**You can go to the website above for more details on other platforms. | |||
<code>sudo certbot</code> | |||
<br /> | |||
*Make choices as you go through | |||
**Choose to redirect to https | |||
***This will bork your ssl config files in sites enabled. | |||
****Manually go through and fix them. | |||
==Checking Certificates== | |||
<code>sudo certbot certificates</code> | |||
*You will get a nice list of certs with their expiry dates. | |||
==Renewing Certificates== | |||
When you install certificates certbot will put the cron job in place to autorenew. | |||
<code>cat /etc/cron.d/certbot</code> | |||
*This can be done every 90 days and can be done as much as 30 days early | |||
<code>sudo certbot renew</code> | |||
===Force Renewal=== | |||
*This can eat into your allotment so only do as needed | |||
**This needed to happen once due to a Lets Encrypt bug | |||
<code>sudo certbot --force-renewal</code> | |||
*You still need to pick the domains and then choose to redirect https is you want. | |||
**Normally we do want the forced redirect to https. | |||
**BUT as noted above it will kill your ssl config file(s). | |||
<br /> | |||
Latest revision as of 05:50, 11 December 2020
- This is a wonderful tool to install and manage SSL certificates on servers.
Background
- certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
- Know what version you are on
apt-cache policy certbot | grep -i Installed
Install
- You can install from the package maintaners version from 18.04 and on
- Full instructions are here
- I recommend the ppa version
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Use
- Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.
sudo certbot
- Make choices as you go through
- Choose to redirect to https
- This will bork your ssl config files in sites enabled.
- Manually go through and fix them.
- This will bork your ssl config files in sites enabled.
- Choose to redirect to https
Checking Certificates
sudo certbot certificates
- You will get a nice list of certs with their expiry dates.
Renewing Certificates
When you install certificates certbot will put the cron job in place to autorenew.
cat /etc/cron.d/certbot
- This can be done every 90 days and can be done as much as 30 days early
sudo certbot renew
Force Renewal
- This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug
sudo certbot --force-renewal
- You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.
- BUT as noted above it will kill your ssl config file(s).