Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » security » ssl_cert_letsencrypt
Trace: hyper-v-live-migration
internet:security:ssl_cert_letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:security:ssl_cert_letsencrypt [2019/03/13 14:28]
gcooper 		internet:security:ssl_cert_letsencrypt [2020/08/09 12:21] (current)
gcooper
Line 1: Line 1:
 ====== Let's Encrypt Free SSL Certificates ====== ====== Let's Encrypt Free SSL Certificates ======
 +
 +See also **[[internet:security:ssl_cert_letsencrypt_zimbra|Using LetsEncrypt SSL Certificates with Zimbra]]**
  
 **Home Page**: https://letsencrypt.org/certificates/ **Home Page**: https://letsencrypt.org/certificates/
Line 6: Line 8:
  
 **Webmin**: https://doxfer.webmin.com/Webmin/Let's_Encrypt **Webmin**: https://doxfer.webmin.com/Webmin/Let's_Encrypt
 +
 +===== DNS =====
 +
 +CAA records authorize SSL certificate issuance by certain certificate authorities.
 +
 +For Virtualmin managed domains, manually enter something like:
 +
 +<file>
 +hostname.domain.tld. IN CAA 0 issue "letsencrypt.org"
 +</file>
  
 ===== SSL Certificate Testing ===== ===== SSL Certificate Testing =====
Line 106: Line 118:
 ===== Webmin ===== ===== Webmin =====
  
-FIXME+<note important>Webmin works well with Apache and HTTP validation.  However, you can also use DNS validation if you don't have Apache installed and you don't want to open ports 80 and 443 in the firewall.  However, DNS validation is not documented well here, particularly renewals.</note>
  
-<note important>Webmin works well with Apache and HTTP validation.  However, you can also use DNS validation if you don't have Apache installed and you don't want to open ports 80 and 443 in the firewall.  However, that is not documented well here, particularly renewals.+==== DNS ====
  
-https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation</note>+https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation 
 + 
 +https://certbot.eff.org/docs/using.html#manual 
 + 
 +:!: Add this for testing: <file>--staging</file> 
 + 
 +<file> 
 +apt install certbot 
 + 
 +certbot -d hostname.yourdomain.tld --manual --preferred-challenges dns certonly 
 + 
 +certbot renew --dry-run 
 + 
 +certbot certificates 
 +</file> 
 + 
 +==== HTTP ====
  
 **Documentation**: https://doxfer.webmin.com/Webmin/Let's_Encrypt **Documentation**: https://doxfer.webmin.com/Webmin/Let's_Encrypt
Line 125: Line 153:
  
 {{ :internet:security:letsencrypt_webmin_ssl_settings.png?750 |Resultant Webmin SSL Settings}} {{ :internet:security:letsencrypt_webmin_ssl_settings.png?750 |Resultant Webmin SSL Settings}}
 +
 +===== Log Rotation =====
 +
 +:!: Certbot has its own log rotation.
 +
 +**/etc/logrotate.d/letsencrypt**
 +
 +<file>
 +/var/log/letsencrypt/letsencrypt.log {
 +  daily
 +  rotate 0
 +  firstaction
 +    /usr/bin/find /var/log/letsencrypt/ -name "letsencrypt.log.*" -mtime +100 -delete
 +  endscript
 +  nocreate
 +  missingok
 +  notifempty
 +}
 +</file>
 +
 +Test:
 +
 +<file>
 +ll /var/log/letsencrypt/   #before
 +logrotate -f /etc/logrotate.d/letsencrypt
 +ll /var/log/letsencrypt/   #after
 +</file>
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
internet/security/ssl_cert_letsencrypt.1552508892.txt.gz · Last modified: 2019/03/13 14:28 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki