Letsencrypt Ubuntu 16.04
Install
- sudo apt-get update
- sudo apt-get -y install software-properties-common
- sudo add-apt-repository -y ppa:certbot/certbot
- sudo apt-get update
- sudo apt-get install -y python-certbot-apache
Get the cert
With Apache
- sudo certbot certonly --apache -d www.domain.de
Standalone
- certbot certonly --standalone
Certs Directory
- tree /etc/letsencrypt/
/etc/letsencrypt/
├── accounts
│   └── acme-v01.api.letsencrypt.org
│       └── directory
│           └── 7dadf2df086c13b39ec5fd10d0ba33e2
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   └── sun.xmn.de
│       ├── cert1.pem
│       ├── chain1.pem
│       ├── fullchain1.pem
│       └── privkey1.pem
├── csr
│   └── 0000_csr-certbot.pem
├── keys
│   └── 0000_key-certbot.pem
├── live
│   └── sun.xmn.de
│       ├── cert.pem -> ../../archive/sun.xmn.de/cert1.pem
│       ├── chain.pem -> ../../archive/sun.xmn.de/chain1.pem
│       ├── fullchain.pem -> ../../archive/sun.xmn.de/fullchain1.pem
│       ├── privkey.pem -> ../../archive/sun.xmn.de/privkey1.pem
│       └── README
├── options-ssl-apache.conf
├── renewal
│   └── sun.xmn.de.conf
└── renewal-hooks
    ├── deploy
    ├── post
    └── pre
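Added example (not part of the original page): a POSIX shell check over the directory layout shown above. It flags private-key files that group or other can read, key directories searchable by other, and live/*/privkey.pem entries that are not working symlinks into archive/. The function name audit_le_keys and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit key exposure in a certbot tree.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_le_keys() {
    root=${1:-/etc/letsencrypt}
    findings=0

    # 1. Directories that hold key material must not be searchable by "other".
    for d in accounts archive keys live; do
        [ -d "$root/$d" ] || continue
        if [ -n "$(find "$root/$d" -prune -perm -001)" ]; then
            echo "DIR-OPEN $root/$d"
            findings=$((findings + 1))
        fi
    done

    # 2. Key files: privkeyN.pem, NNNN_key-certbot.pem and the ACME account
    #    key private_key.json. Flag any that group or other can read.
    open_keys=$(find "$root/archive" "$root/keys" "$root/accounts" -type f \
        \( -name 'privkey*.pem' -o -name '*_key-certbot.pem' \
           -o -name 'private_key.json' \) \
        \( -perm -040 -o -perm -004 \) 2>/dev/null || true)
    if [ -n "$open_keys" ]; then
        printf '%s\n' "$open_keys" | sed 's/^/KEY-OPEN /'
        findings=$((findings + $(printf '%s\n' "$open_keys" | grep -c .)))
    fi

    # 3. live/<name>/privkey.pem must be a working symlink into ../../archive/
    #    (certbot expects a symlink here; a copied key is also missed by check 2).
    for l in "$root"/live/*/privkey.pem; do
        [ -e "$l" ] || [ -L "$l" ] || continue
        case "$(readlink "$l" 2>/dev/null)" in
            ../../archive/*) [ -e "$l" ] && continue ;;
        esac
        echo "LINK-BAD $l"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}
```

Run it as root with `audit_le_keys /etc/letsencrypt`. A KEY-OPEN finding inside a directory that is itself closed is not directly reachable, but the file mode is all that protects the key once a parent directory is opened up.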
Apache
To do
- cd /etc/apache2/mods-enabled
- ln -s ../mods-available/socache_* .
- ln -s ../mods-available/ssl* .
- mkdir -p /var/log/apache2/sun.xmn.de/
- chown www-data:www-data /var/log/apache2/sun.xmn.de/
Config
- cat /etc/apache2/sites-available/sun.xmn.de.conf
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    ServerName sun.xmn.de
    ServerAdmin technik@xinux.de
    DocumentRoot /mnt/md0/media/sun.xmn.de
    ErrorLog ${APACHE_LOG_DIR}/sun.xmn.de/error.log
    CustomLog ${APACHE_LOG_DIR}/sun.xmn.de/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/sun.xmn.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sun.xmn.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    <Directory "/mnt/md0/media/sun.xmn.de">
      Options +Indexes +FollowSymLinks
      Require all granted
    </Directory>
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
      SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  </VirtualHost>
</IfModule>
Set links
- ln -s /etc/apache2/sites-available/sun.xmn.de.conf /etc/apache2/sites-enabled/
Restart
- systemctl restart apache2
Cronjob
0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"