IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions
Access restrictions were established for this page. If you see this message, you have no access to this page.
Walttheboss (talk | contribs) |
Walttheboss (talk | contribs) |
||
| Line 12: | Line 12: | ||
== Install == | == Install == | ||
*You can install from the package maintaners version from 18.04 and on | |||
** Full instructions are [https://certbot.eff.org/lets-encrypt/ubuntubionic-apache here] | |||
*I recommend the ppa version | |||
**[https://launchpad.net/~certbot/+archive/ubuntu/certbot?field.series_filter Certbot PPA=] | |||
<code>sudo add-apt-repository ppa:certbot/certbot</code> | <code>sudo add-apt-repository ppa:certbot/certbot</code> | ||
| Line 25: | Line 25: | ||
=== Use === | === Use === | ||
*Basic installation of a certificate on apache | |||
**You can go to the website above for more details on other platforms. | |||
<code>sudo certbot</code> | <code>sudo certbot</code> | ||
<br /> | <br /> | ||
*Make choices as you go through | |||
** Choose to redirect to https | |||
*** This will bork your ssl config files in sites enabled. | |||
**** Manually go through and fix them. | |||
== Checking Certificates == | == Checking Certificates == | ||
Revision as of 05:21, 5 March 2020
- This is a wonderful tool to install and manage SSL certificates on servers.
Background
- certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
- Know what version you are on
apt-cache policy certbot | grep -i Installed
Install
- You can install from the package maintaners version from 18.04 and on
- Full instructions are here
- I recommend the ppa version
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Use
- Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.
sudo certbot
- Make choices as you go through
- Choose to redirect to https
- This will bork your ssl config files in sites enabled.
- Manually go through and fix them.
- This will bork your ssl config files in sites enabled.
- Choose to redirect to https
Checking Certificates
sudo certbot certificates
- You will get a nice list of certs with their expiry dates.
Renewing Certificates
- This must be done every 90 days and can be done as much as 30 days early
sudo certbot renew
Force Renewal
- This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug
- This can eat into your allotment so only do as needed
sudo certbot --force-renewal
- You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.