Let's Encrypt

Discussion in 'Server Administration' started by tux, Mar 3, 2016.

  1. tux

    tux The mighty penguin! :P

    I don't know if you've noticed but the sandbox is now running with a certificate from the Let's Encrypt project. It was a dead simple process:

    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt/
    ./letsencrypt-auto --help # First time run, it'll bootstrap its dependencies
    mkdir jh

    Then I create the file jh/cli.ini with this content:

    # This is an example of the kind of things you can do in a configuration file.
    # All flags used by the client can be configured here. Run Let's Encrypt with
    # "--help" to learn more about the available options.

    # Use a 4096 bit RSA key instead of 2048
    rsa-key-size = 4096

    # Uncomment and update to register with the specified e-mail address
    # email = foo@example.com
    email = johan@hedbergproductions.com

    # Uncomment and update to generate certificates for the specified
    # domains.
    # domains = example.com, www.example.com
    domains = janvdl.com, www.janvdl.com

    # Uncomment to use a text interface instead of ncurses
    text = True

    # Uncomment to use the standalone authenticator on port 443
    # authenticator = standalone
    # standalone-supported-challenges = tls-sni-01

    # Uncomment to use the webroot authenticator. Replace webroot-path with the
    # path to the public_html / webroot folder being served by your web server.
    authenticator = webroot
    webroot-path = /var/www


    And finally:

    ./letsencrypt-auto certonly -c jh/cli.ini
    ls /etc/letsencrypt/live/janvdl.com/

    You will then have 4 files:

    cert.pem - Your certificate
    chain.pem - Upstream certificates (CA and eventual intermediates)
    fullchain.pem - The cert.pem and chain.pem combined in a single file
    privkey.pem - Private key

    All done, it's just to configure your favorite webserver to utilize the new certificate.
     
    3 people like this.
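A sanity check for the four files listed in the post above, written as an added example that is not part of the original thread or of the Let's Encrypt client. It confirms that fullchain.pem really is cert.pem followed by chain.pem and that privkey.pem holds a key block; flagging any group/other permission bit on the key is a policy assumed here, and `check_live_dir` and `pem_blocks` are names chosen for this sketch.

```python
import base64
import os
import re
import stat
import sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.S)
FILES = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")

def pem_blocks(path):
    """Return [(label, der_bytes), ...] for every PEM block in a file."""
    with open(path, encoding="ascii") as fh:
        found = PEM_RE.findall(fh.read())
    return [(label, base64.b64decode("".join(body.split()))) for label, body in found]

def check_live_dir(live_dir):
    """Return a list of findings for one live/<domain>/ directory."""
    findings, blocks = [], {}
    for name in FILES:
        path = os.path.join(live_dir, name)
        present = os.path.isfile(path)
        blocks[name] = pem_blocks(path) if present else []
        if not present:
            findings.append(f"{name}: missing")

    def certs(name):
        return [der for label, der in blocks[name] if label == "CERTIFICATE"]

    if len(certs("cert.pem")) != 1:
        findings.append("cert.pem: expected exactly one certificate")
    if not certs("chain.pem"):
        findings.append("chain.pem: no upstream certificate found")
    # Compare decoded bytes, so line-wrapping differences do not matter.
    if certs("fullchain.pem") != certs("cert.pem") + certs("chain.pem"):
        findings.append("fullchain.pem: not cert.pem followed by chain.pem")

    key_path = os.path.join(live_dir, "privkey.pem")
    if os.path.isfile(key_path):
        if not any(label.endswith("PRIVATE KEY") for label, _ in blocks["privkey.pem"]):
            findings.append("privkey.pem: no private key block")
        # Assumed policy: any group/other permission bit on the key is a finding.
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & 0o077:
            findings.append(f"privkey.pem: mode {mode:o} grants access beyond the owner")
    return findings

if __name__ == "__main__":
    for finding in check_live_dir(sys.argv[1]):
        print(finding)
```

Run it with the live directory as its only argument, for example the `/etc/letsencrypt/live/janvdl.com/` path from the post; no output means no findings.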
  2. Elite Override

    Elite Override /etc/passwd: No such file or directory. Staff Member

    Their script is very convenient. I used it without setting up a config file, and it automatically detected the apache install location, inserted the keys and set the ciphers.

    Let's Encrypt is one of those things where you wonder why nobody made it earlier.
     
  3. janvdl

    janvdl Administrator Staff Member

    Thanks tux, and thanks for the cool tutorial as well. :bloodtrail:
     
