internet:security:ssl_cert_letsencrypt

Differences

This shows you the differences between two versions of the page.

internet:security:ssl_cert_letsencrypt [2019/03/13 14:36]
gcooper
internet:security:ssl_cert_letsencrypt [2020/08/09 12:21] (current)
gcooper
Line 1: Line 1:
 ====== Let's Encrypt Free SSL Certificates ====== ====== Let's Encrypt Free SSL Certificates ======
 +
 +See also **[[internet:security:ssl_cert_letsencrypt_zimbra|Using LetsEncrypt SSL Certificates with Zimbra]]**
  
 **Home Page**: https://letsencrypt.org/certificates/ **Home Page**: https://letsencrypt.org/certificates/
Line 6: Line 8:
  
 **Webmin**: https://doxfer.webmin.com/Webmin/Let's_Encrypt **Webmin**: https://doxfer.webmin.com/Webmin/Let's_Encrypt
 +
 +===== DNS =====
 +
 +CAA records authorize SSL certificate issuance by certain certificate authorities.
 +
 +For Virtualmin managed domains, manually enter something like:
 +
 +<file>
 +hostname.domain.tld. IN CAA 0 issue "letsencrypt.org"
 +</file>
  
 ===== SSL Certificate Testing ===== ===== SSL Certificate Testing =====
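Review bot: The sentence added under ''===== DNS ====='' says CAA records "authorize" issuance, but it omits that they also restrict it: once any ''issue'' record exists for a name, every CA not listed must refuse to issue for it. Suggest adding that a domain which also obtains certificates from another CA needs a further ''issue'' line for that CA, and that the CAA lookup climbs toward the zone apex, so a record on the parent domain also governs hostnames below it that have no CAA record of their own.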
Line 112: Line 124:
 https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation
  
-:!: for testing, add ''--staging''.+https://certbot.eff.org/docs/using.html#manual 
 + 
 +:!: Add this for testing: <file>--staging</file>
  
 <file> <file>
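Review bot: In the changed '':!:'' line, wrapping a single flag in ''<file>'' turns it into a block detached from its sentence, and the note still does not say which command takes the flag. Suggest keeping the inline form (''--staging'') and naming the ''certbot ... certonly'' command it is appended to, plus one sentence that certificates issued by the staging environment are not trusted by browsers, so the command has to be re-run without the flag to get the real certificate.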
Line 118: Line 132:
  
 certbot -d hostname.yourdomain.tld --manual --preferred-challenges dns certonly certbot -d hostname.yourdomain.tld --manual --preferred-challenges dns certonly
 +
 +certbot renew --dry-run
  
 certbot certificates certbot certificates
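Review bot: The added ''certbot renew --dry-run'' sits directly under a certificate obtained with ''--manual --preferred-challenges dns'', and a certificate issued through the manual plugin cannot be renewed non-interactively unless an authentication hook was supplied, so this dry run is expected to fail for it. Suggest either documenting ''--manual-auth-hook'' and ''--manual-cleanup-hook'' for the DNS challenge, or stating that this certificate is renewed by re-running the ''certonly'' command by hand before it expires.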
Line 137: Line 153:
  
 {{ :internet:security:letsencrypt_webmin_ssl_settings.png?750 |Resultant Webmin SSL Settings}} {{ :internet:security:letsencrypt_webmin_ssl_settings.png?750 |Resultant Webmin SSL Settings}}
 +
 +===== Log Rotation =====
 +
 +:!: Certbot has its own log rotation.
 +
 +**/etc/logrotate.d/letsencrypt**
 +
 +<file>
 +/var/log/letsencrypt/letsencrypt.log {
 +  daily
 +  rotate 0
 +  firstaction
 +    /usr/bin/find /var/log/letsencrypt/ -name "letsencrypt.log.*" -mtime +100 -delete
 +  endscript
 +  nocreate
 +  missingok
 +  notifempty
 +}
 +</file>
 +
 +Test:
 +
 +<file>
 +ll /var/log/letsencrypt/   #before
 +logrotate -f /etc/logrotate.d/letsencrypt
 +ll /var/log/letsencrypt/   #after
 +</file>
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
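Review bot: In the ''/etc/logrotate.d/letsencrypt'' stanza, ''rotate 0'' together with ''daily'' and ''nocreate'' makes logrotate discard the live ''letsencrypt.log'' on each run instead of keeping it, which contradicts the note that Certbot does its own rotation and the apparent intent of only pruning files older than 100 days. The most recent issuance and renewal log is the one most likely to be needed when investigating a failed or unexpected certificate change, so suggest running the ''find ... -mtime +100 -delete'' from a cron job instead, or capping retention with Certbot's own ''max-log-backups'' setting. The test block also relies on the ''ll'' alias, which is not defined on every system; ''ls -l'' is portable.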
internet/security/ssl_cert_letsencrypt.1552509367.txt.gz · Last modified: 2019/03/13 14:36 by gcooper