IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions
Access restrictions were established for this page. If you see this message, you have no access to this page.
Walttheboss (talk | contribs) No edit summary |
Walttheboss (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
*This is a wonderful tool to install and manage SSL certificates on servers. | *This is a wonderful tool to install and manage SSL certificates on servers. | ||
== Background == | |||
## certbot is a tool that manages Lets Encrypt certificates. | |||
##certbot is a tool that manages Lets Encrypt certificates. | |||
##Get it from from [https://certbot.eff.org/docs/ here]. | ##Get it from from [https://certbot.eff.org/docs/ here]. | ||
##Their documentation is really well done. | ##Their documentation is really well done. | ||
| Line 9: | Line 10: | ||
<code>apt-cache policy certbot | grep -i Installed</code> | <code>apt-cache policy certbot | grep -i Installed</code> | ||
== Install == | |||
##You can install from the package maintaners version from 18.04 and on | ##You can install from the package maintaners version from 18.04 and on | ||
##I recommend the ppa version | ##I recommend the ppa version | ||
| Line 18: | Line 20: | ||
<code>sudo apt-get update</code> | <code>sudo apt-get update</code> | ||
=== Use === | |||
**Basic installation of a certificate on apache | **Basic installation of a certificate on apache | ||
*** You can go to the website above for more details on other platforms. | ***You can go to the website above for more details on other platforms. | ||
<code>sudo certbot</code> | <code>sudo certbot</code> | ||
<br /> | <br /> | ||
== Checking Certificates == | |||
<code>sudo certbot certificates</code> | |||
*You will get a nice list of certs with their expiry dates. | *You will get a nice list of certs with their expiry dates. | ||
** This must be done every 90 days and can be done as much as 30 days early | == Renewing Certificates == | ||
**This must be done every 90 days and can be done as much as 30 days early | |||
<code>sudo certbot renew</code> | <code>sudo certbot renew</code> | ||
** This can eat into your allotment so only do as needed | === Force Renewal === | ||
*** This needed to happen once due to a Lets Encrypt bug | |||
**This can eat into your allotment so only do as needed | |||
***This needed to happen once due to a Lets Encrypt bug | |||
<code>sudo certbot --force-renewal</code> | <code>sudo certbot --force-renewal</code> | ||
*You still need to pick the domains and then choose to redirect https is you want. | *You still need to pick the domains and then choose to redirect https is you want. | ||
** Normally we do want the forced redirect to https. | **Normally we do want the forced redirect to https. | ||
<br /> | <br /> | ||
Revision as of 05:12, 5 March 2020
- This is a wonderful tool to install and manage SSL certificates on servers.
Background
- certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
- Know what version you are on
apt-cache policy certbot | grep -i Installed
Install
- You can install from the package maintaners version from 18.04 and on
- I recommend the ppa version
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Use
- Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.
- Basic installation of a certificate on apache
sudo certbot
Checking Certificates
sudo certbot certificates
- You will get a nice list of certs with their expiry dates.
Renewing Certificates
- This must be done every 90 days and can be done as much as 30 days early
sudo certbot renew
Force Renewal
- This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug
- This can eat into your allotment so only do as needed
sudo certbot --force-renewal
- You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.