Differences

This shows you the differences between two versions of the page.

--- internet:security:ssl_cert_letsencrypt [2018/10/29 10:11]
127.0.0.1 external edit
+++ internet:security:ssl_cert_letsencrypt [2020/08/09 12:21] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Let's Encrypt Free SSL Certificates ======
+See also **[[internet:security:ssl_cert_letsencrypt_zimbra|Using LetsEncrypt SSL Certificates with Zimbra]]**
 **Home Page**: https://letsencrypt.org/certificates/
@@ Line 6: / Line 8: @@
 **Webmin**: https://doxfer.webmin.com/Webmin/Let's_Encrypt
+===== DNS =====
+CAA records authorize SSL certificate issuance by certain certificate authorities.
+For Virtualmin managed domains, manually enter something like:
+<file>
+hostname.domain.tld.	IN	CAA	0 issue "letsencrypt.org"
+</file>
 ===== SSL Certificate Testing =====
@@ Line 23: / Line 35: @@
 ==== Certify the Web ====
+**Home**: https://certifytheweb.com/
 **Single**: https://support.centrestack.com/hc/en-us/articles/360010229973-Obtaining-a-Server-Certificate-from-Let-s-Encrypt-Using-Certify-The-Web
@@ Line 63: / Line 77: @@
 ===== Ubuntu 16.04 =====
+==== Apache ====
+:!: This will install Apache if not already installed.
 https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
@@ Line 79: / Line 97: @@
 certbot renew --dry-run
 </file>
-==== Troubleshooting ====
-**Remove scheduled task and registry key** (HKEY_LOCAL_MACHINE\Software\letsencrypt-win-simple), then perform an ''iisreset'' as an administrator.
-Increase verbosity: <file>--verbose</file>
 ===== Virtualmin =====
@@ Line 105: / Line 117: @@
 ===== Webmin =====
+<note important>Webmin works well with Apache and HTTP validation.  However, you can also use DNS validation if you don't have Apache installed and you don't want to open ports 80 and 443 in the firewall.  However, DNS validation is not documented well here, particularly renewals.</note>
+==== DNS ====
+https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation
+https://certbot.eff.org/docs/using.html#manual
+:!: Add this for testing: <file>--staging</file>
+<file>
+apt install certbot
+certbot -d hostname.yourdomain.tld --manual --preferred-challenges dns certonly
+certbot renew --dry-run
+certbot certificates
+</file>
+==== HTTP ====
 **Documentation**: https://doxfer.webmin.com/Webmin/Let's_Encrypt
@@ Line 120: / Line 154: @@
 {{ :internet:security:letsencrypt_webmin_ssl_settings.png?750 |Resultant Webmin SSL Settings}}
-===== Zimbra =====
+===== Log Rotation =====
-https://lorenzo.mile.si/letsencrypt-zimbra-the-easy-way/
+:!: Certbot has its own log rotation.
-https://github.com/YetOpen/certbot-zimbra
+**/etc/logrotate.d/letsencrypt**
-==== Install CertBot ====
 <file>
-wget https://dl.eff.org/certbot-auto -P /usr/local/bin
+/var/log/letsencrypt/letsencrypt.log {
-chmod a+x /usr/local/bin/certbot-auto
+  daily
+  rotate 0
+  firstaction
+    /usr/bin/find /var/log/letsencrypt/ -name "letsencrypt.log.*" -mtime +100 -delete
+  endscript
+  nocreate
+  missingok
+  notifempty
+}
 </file>
-Obtain ''certbot-zimbra'':
+Test:
 <file>
-cd /usr/local/src
+ll /var/log/letsencrypt/   #before
-git clone https://github.com/YetOpen/certbot-zimbra.git
+logrotate -f /etc/logrotate.d/letsencrypt
-cd certbot-zimbra
+ll /var/log/letsencrypt/   #after
 </file>
-Install the LetsEncrypt certificate in Zimbra:
+===== Troubleshooting =====
+**Remove scheduled task and registry key** (HKEY_LOCAL_MACHINE\Software\letsencrypt-win-simple), then perform an ''iisreset'' as an administrator.
+Increase verbosity: <file>--verbose</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools