IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions
Access restrictions were established for this page. If you see this message, you have no access to this page.
Walttheboss (talk | contribs) |
Walttheboss (talk | contribs) |
||
Line 48: | Line 48: | ||
=== Force Renewal === | === Force Renewal === | ||
*This can eat into your allotment so only do as needed | |||
**This needed to happen once due to a Lets Encrypt bug | |||
<code>sudo certbot --force-renewal</code> | <code>sudo certbot --force-renewal</code> |
Revision as of 05:21, 5 March 2020
- This is a wonderful tool to install and manage SSL certificates on servers.
Background
- certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
- Know what version you are on
apt-cache policy certbot | grep -i Installed
Install
- You can install from the package maintaners version from 18.04 and on
- Full instructions are here
- I recommend the ppa version
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Use
- Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.
sudo certbot
- Make choices as you go through
- Choose to redirect to https
- This will bork your ssl config files in sites enabled.
- Manually go through and fix them.
- This will bork your ssl config files in sites enabled.
- Choose to redirect to https
Checking Certificates
sudo certbot certificates
- You will get a nice list of certs with their expiry dates.
Renewing Certificates
- This must be done every 90 days and can be done as much as 30 days early
sudo certbot renew
Force Renewal
- This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug
sudo certbot --force-renewal
- You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.