Difference between revisions of "Let's Encrypt"

From MgmtWiki
Jump to: navigation, search
(Prepare pfx file)
m (Context)
Line 5: Line 5:
 
* The best way to get free certificates.
 
* The best way to get free certificates.
 
* But these certificates are only good for 3 months
 
* But these certificates are only good for 3 months
* scripts are available for apache, etc. but now for ASP.NET as of 2020-02-15
+
* scripts are available for apache, etc. but not for ASP.NET as of 2020-02-15
  
 
==Solutions==
 
==Solutions==

Revision as of 19:10, 22 September 2021

Full Title

Using Let's Encrypt to maintain TSL certificates on a web site.

Context

  • The best way to get free certificates.
  • But these certificates are only good for 3 months
  • scripts are available for apache, etc. but not for ASP.NET as of 2020-02-15

Solutions

Certbot store working files in /etc/letsencrypt/live

Renewing Certificate looks like this

warning - cert must be renewed before expiry or the process of changing the TXT record start all over.

After challenge is posted to net solutions.org

certbot certonly --manual -d 'trustregistry.org,*.trustregistry.org'

Saving debug log to /var/log/letsencrypt/letsencrypt.log  
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for trustregistry.org
http-01 challenge for trustregistry.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.trustregistry.org with the following value:
xNAB8ckvmjBV9uq_QhPfa8Xin40SCpoTQH8qphjyvpk
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

VddIbg1TP9nhOxL7X8tJqJCYbFCEHeYS4Eol0hBZjPw.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

paJRQpKlTkenmAWkqEQ3lYNw8O7_ZnwV3VC5Qg37tco.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

hOzKpYwAYlTex5pVMMnOFF9qVXk2ZUE7ovmceb5LivA.R5Pdn5cwDU36dCaEUseg8k2-ykmZJIcv2F7ivAV_xgs

And make it available on your web server at this URL:
http://trustregistry.org/.well-known/acme-challenge/VddIbg1TP9nhOxL7X8tJqJCYbFCEHeYS4Eol0hBZjPw
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

http://trustregistry.org/.well-known/acme-challenge/hOzKpYwAYlTex5pVMMnOFF9qVXk2ZUE7ovmceb5LivA

Now copy that value into file named TextDocument.txt

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/trustregistry.org/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/trustregistry.org/privkey.pem
  Your cert will expire on 2021-06-10. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"

Prepare pfx file

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out trorg.pfx

It Might be necessary to reboot the Computer

sudo shutdown -r

References