Diffstat (limited to 'system/letsencrypt/README.Slackware')
-rw-r--r-- | system/letsencrypt/README.Slackware | 39 |
1 files changed, 6 insertions, 33 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware index 25d059ca39..0558cc5ba7 100644 --- a/system/letsencrypt/README.Slackware +++ b/system/letsencrypt/README.Slackware 
@@ -1,44 +1,18 @@ PLUGINS SUPPORT letsencrypt support five plugins to obtain/install certificates and many more to come in the future. -However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way -as it doesn't require the webserver to be taken offline causing downtime during validation. +Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline +causing downtime during validation. All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME> Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf -OBTAINING CERTIFICATE USING STANDALONE PLUGIN -Here's what i use to create a certificate using port 443 for domain validation -certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \ ---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone - -If you want to use port 80 for domain validation, replace ---preferred-challenges tls-sni-01 -with ---preferred-challenges http-01 - Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains. Just run letsencrypt or certbot and you will see all domains are available. -NOTE: -You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to -temporarily stop your exising webserver) - -OBTAINING CERTIFICATE USING APACHE PLUGIN -Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware. - -Here's what i use to create a certificate using port 443 for domain validation -certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \ ---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text - RENEWAL PROCESS Best way to automate the certificate renewal is by using cron service. 
-Create a bash script in /etc/cron.monthly that does the following actions (depending on which plugin you used): -Standalone: - turn off httpd service - - give some delay (2s is enough) - - run the same command generate the certificate to renew automatically - - start httpd service -Apache Plugin: run the same command to generate the certificate to renew automatically or use - letsencrypt renew (it will automatically renew when the expired date is less than few weeks). +Create a bash script in /etc/cron.monthly that does the following actions: + letsencrypt renew (it will automatically renew when the expired date is less than few weeks). RATE LIMIT Rate limit on registrations per IP is now 500 per 3 hours. @@ -67,9 +41,8 @@ rsa-key-size = 4096 # Uncomment to use a text interface instead of ncurses # text = True -# Uncomment to use the standalone or apache authenticator on port 443 -# authenticator = standalone / apache -# preferred-challenges = tls-sni-01 +# Uncomment to use the apache authenticator +# authenticator = apache # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. |
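Review bot: In the first hunk (@@ -1,44 +1,18 @@), removing the whole OBTAINING CERTIFICATE USING APACHE PLUGIN section leaves the README recommending the apache plugin with no command showing how to request a certificate with it. The only remaining instruction is "Just run letsencrypt or certbot". Consider keeping a short example with the tls-sni-01 option dropped, for instance `certbot certonly --apache -d <DOMAIN-NAME> --email <ADMIN-EMAIL> --agree-tos`, so the text that follows about /etc/letsencrypt/live/<DOMAIN-NAME> and httpd-ssl.conf still has a step that produces those files. In the RENEWAL PROCESS paragraph, "the following actions" now introduces a single command and could read "that runs". Because renewal only triggers when expiry "is less than few weeks" away, a script in /etc/cron.monthly gets very few attempts inside that window, so a weekly or daily schedule would tolerate a failed run better. The unchanged context line still carries the typo "domain-spesific", which could be fixed in the same pass.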
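Review bot: In the second hunk (@@ -67,9 +41,8 @@), the new comment "# Uncomment to use the apache authenticator" no longer says which port or challenge type validation will use, and the removed `# preferred-challenges = tls-sni-01` line has no replacement. The README text removed in the first hunk named http-01 on port 80 as the alternative, so an administrator reading only this sample config cannot tell which port has to be reachable from outside during validation. Suggest either adding a commented `# preferred-challenges = http-01` line or extending the comment to name the port, so firewall rules can be checked before the first run.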