This shows you the differences between two versions of the page.
internet:security:ssl_cert_letsencrypt [2018/11/08 08:12] gcooper |
internet:security:ssl_cert_letsencrypt [2020/08/09 12:21] (current) gcooper |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Let's Encrypt Free SSL Certificates ====== | ====== Let's Encrypt Free SSL Certificates ====== | ||
+ | |||
+ | See also **[[internet: | ||
**Home Page**: https:// | **Home Page**: https:// | ||
Line 6: | Line 8: | ||
**Webmin**: https:// | **Webmin**: https:// | ||
+ | |||
+ | ===== DNS ===== | ||
+ | |||
+ | CAA records authorize SSL certificate issuance by certain certificate authorities. | ||
+ | |||
+ | For Virtualmin managed domains, manually enter something like: | ||
+ | |||
+ | < | ||
+ | hostname.domain.tld. IN CAA 0 issue " | ||
+ | </ | ||
===== SSL Certificate Testing ===== | ===== SSL Certificate Testing ===== | ||
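Review bot: The one-line description in the new DNS section ("CAA records authorize SSL certificate issuance by certain certificate authorities") leaves out the restrictive side of CAA. Once a CAA record set exists for a name, any CA not listed in it must refuse to issue, so adding this record on a hostname that also uses a certificate from another CA will block that CA's issuance and renewals. Suggest saying so next to the example, and noting that the record shown is published at hostname.domain.tld rather than at the domain apex, so it covers only that hostname and names beneath it that have no CAA record set of their own.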
Line 23: | Line 35: | ||
==== Certify the Web ==== | ==== Certify the Web ==== | ||
+ | |||
+ | **Home**: https:// | ||
**Single**: https:// | **Single**: https:// | ||
Line 63: | Line 77: | ||
===== Ubuntu 16.04 ===== | ===== Ubuntu 16.04 ===== | ||
+ | |||
+ | ==== Apache ==== | ||
+ | |||
+ | :!: This will install Apache if not already installed. | ||
https:// | https:// | ||
Line 79: | Line 97: | ||
certbot renew --dry-run | certbot renew --dry-run | ||
</ | </ | ||
- | |||
- | ==== Troubleshooting ==== | ||
- | |||
- | **Remove scheduled task and registry key** (HKEY_LOCAL_MACHINE\Software\letsencrypt-win-simple), | ||
- | |||
- | Increase verbosity: < | ||
===== Virtualmin ===== | ===== Virtualmin ===== | ||
Line 105: | Line 117: | ||
===== Webmin ===== | ===== Webmin ===== | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ==== DNS ==== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | :!: Add this for testing: < | ||
+ | |||
+ | < | ||
+ | apt install certbot | ||
+ | |||
+ | certbot -d hostname.yourdomain.tld --manual --preferred-challenges dns certonly | ||
+ | |||
+ | certbot renew --dry-run | ||
+ | |||
+ | certbot certificates | ||
+ | </ | ||
+ | |||
+ | ==== HTTP ==== | ||
**Documentation**: | **Documentation**: | ||
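Review bot: In the Webmin DNS block, `certbot renew --dry-run` follows a certificate obtained with `--manual --preferred-challenges dns`, but manual mode gives Certbot no way to publish the TXT record at renewal time, so unattended `certbot renew` will not work for this certificate unless authentication hooks (`--manual-auth-hook`, `--manual-cleanup-hook`) or a DNS plugin are configured. Suggest stating that the TXT record has to be re-created by hand at each renewal, or documenting the hook script, so readers do not assume the certificate renews itself and only find out at expiry.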
Line 119: | Line 153: | ||
{{ : | {{ : | ||
+ | |||
+ | ===== Log Rotation ===== | ||
+ | |||
+ | :!: Certbot has its own log rotation. | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | / | ||
+ | daily | ||
+ | rotate 0 | ||
+ | firstaction | ||
+ | / | ||
+ | endscript | ||
+ | nocreate | ||
+ | missingok | ||
+ | notifempty | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Test: | ||
+ | |||
+ | < | ||
+ | ll / | ||
+ | logrotate -f / | ||
+ | ll / | ||
+ | </ | ||
+ | |||
+ | ===== Troubleshooting ===== | ||
+ | |||
+ | **Remove scheduled task and registry key** (HKEY_LOCAL_MACHINE\Software\letsencrypt-win-simple), | ||
+ | |||
+ | Increase verbosity: < | ||
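Review bot: In the Log Rotation stanza, `daily` combined with `rotate 0` means each rotation removes the old log instead of keeping it, and the note that Certbot has its own log rotation does not explain why a second logrotate rule is needed or what the `firstaction` script is meant to do. Suggest a sentence of rationale, and a nonzero retention count if renewal failures ever need to be diagnosed after the fact. Separately, the relocated Troubleshooting section refers to the Windows registry key HKEY_LOCAL_MACHINE\Software\letsencrypt-win-simple, so a subheading naming the Windows client would keep it from reading as general or Linux advice.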