IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions

Access restrictions were established for this page. If you see this message, you have no access to this page.

VisualWikitext

Latest revision as of 05:50, 11 December 2020

This is a wonderful tool to install and manage SSL certificates on servers.

Background

certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
Know what version you are on

apt-cache policy certbot | grep -i Installed

Install

You can install from the package maintaners version from 18.04 and on
- Full instructions are here
I recommend the ppa version
- Certbot PPA=

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Use

Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.

sudo certbot

Make choices as you go through
- Choose to redirect to https
  - This will bork your ssl config files in sites enabled.
    - Manually go through and fix them.

Checking Certificates

sudo certbot certificates

You will get a nice list of certs with their expiry dates.

Renewing Certificates

When you install certificates certbot will put the cron job in place to autorenew.

cat /etc/cron.d/certbot

This can be done every 90 days and can be done as much as 30 days early

sudo certbot renew

Force Renewal

This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug

sudo certbot --force-renewal

You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.
- BUT as noted above it will kill your ssl config file(s).

@@ Line 1: / Line 1: @@
 *This is a wonderful tool to install and manage SSL certificates on servers.
-== Background ==
+==Background==
 *certbot is a tool that manages Lets Encrypt certificates.
@@ Line 10: / Line 10: @@
 <code>apt-cache policy certbot | grep -i Installed</code>
-== Install ==
+==Install==
 *You can install from the package maintaners version from 18.04 and on
-** Full instructions are [https://certbot.eff.org/lets-encrypt/ubuntubionic-apache here]
+**Full instructions are [https://certbot.eff.org/lets-encrypt/ubuntubionic-apache here]
 *I recommend the ppa version
 **[https://launchpad.net/~certbot/+archive/ubuntu/certbot?field.series_filter Certbot PPA=]
@@ Line 23: / Line 23: @@
 <code>sudo apt-get install certbot python-certbot-apache</code>
-=== Use ===
+===Use===
 *Basic installation of a certificate on apache
@@ Line 30: / Line 30: @@
 <code>sudo certbot</code>
 <br />
 *Make choices as you go through
-** Choose to redirect to https
+**Choose to redirect to https
-*** This will bork your ssl config files in sites enabled.
+***This will bork your ssl config files in sites enabled.
-**** Manually go through and fix them.
+****Manually go through and fix them.
-== Checking Certificates ==
+==Checking Certificates==
 <code>sudo certbot certificates</code>
 *You will get a nice list of certs with their expiry dates.
-== Renewing Certificates ==
+==Renewing Certificates==
+When you install certificates certbot will put the cron job in place to autorenew.
+<code>cat /etc/cron.d/certbot</code>
-**This must be done every 90 days and can be done as much as 30 days early
+*This can be done every 90 days and can be done as much as 30 days early
 <code>sudo certbot renew</code>
-=== Force Renewal ===
+===Force Renewal===
 *This can eat into your allotment so only do as needed
@@ Line 55: / Line 60: @@
 *You still need to pick the domains and then choose to redirect https is you want.
 **Normally we do want the forced redirect to https.
+**BUT as noted above it will kill your ssl config file(s).
 <br />