Difference between revisions of "Let's Encrypt"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(References)
Line 73: Line 73:
 
   again. To non-interactively renew *all* of your certificates, run
 
   again. To non-interactively renew *all* of your certificates, run
 
   "certbot renew"
 
   "certbot renew"
 +
 +
===Prepare fpx file===
 +
  
 
==References==
 
==References==
  
 
[[Category: Best Practice]]
 
[[Category: Best Practice]]

Revision as of 18:31, 8 June 2021

Full Title

Using Let's Encrypt to maintain TSL certificates on a web site.

Context

The best way to get free certificates.

Solutions

Store working files in /etc/letsencrypt/live

Renewing Certificate looks like this

After challenge is posted to net solutions.org

certbot certonly --manual -d 'trustregistry.org,*.trustregistry.org'

Saving debug log to /var/log/letsencrypt/letsencrypt.log  
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for trustregistry.org
http-01 challenge for trustregistry.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.trustregistry.org with the following value:
xNAB8ckvmjBV9uq_QhPfa8Xin40SCpoTQH8qphjyvpk
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Create a file containing just this data:

VddIbg1TP9nhOxL7X8tJqJCYbFCEHeYS4Eol0hBZjPw.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

paJRQpKlTkenmAWkqEQ3lYNw8O7_ZnwV3VC5Qg37tco.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

hOzKpYwAYlTex5pVMMnOFF9qVXk2ZUE7ovmceb5LivA.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

And make it available on your web server at this URL:
http://trustregistry.org/.well-known/acme-challenge/VddIbg1TP9nhOxL7X8tJqJCYbFCEHeYS4Eol0hBZjPw
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue

http://trustregistry.org/.well-known/acme-challenge/hOzKpYwAYlTex5pVMMnOFF9qVXk2ZUE7ovmceb5LivA

Now copy that value into file named TextDocument.txt

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/trustregistry.org/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/trustregistry.org/privkey.pem
  Your cert will expire on 2021-06-10. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"

Prepare fpx file

References