Let's Encrypt

Certbot

Installation

Ubuntu

Install with snapd

FreeBSD

Package names:

security/py-certbot
security/py-certbot-dns-cloudflare
Installing py37-certbot-1.14.0,1...
This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.
 
The simplest form of usage to obtain certificates is:
 
 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>
 
NOTE:
 
The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.
 
For more information on the 'standalone' mode, see:
 
  https://certbot.eff.org/docs/using.html#standalone
 
The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:
 
 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx
 
In order to automatically renew the certificates, add this line to
/etc/periodic.conf:
 
    weekly_certbot_enable="YES"
 
More config details in the certbot periodic script:
 
    /usr/local/etc/periodic/weekly/500.certbot-3.7

Configuration

Example invocation with the Cloudflare plugin (replace the email address and domain)

Options for ''--key-type'': ''rsa'' or ''ecdsa''
Options for ''--elliptic-curve'': ''secp521r1'', ''secp384r1'' or ''secp256r1''

RSA certificate

> certbot certonly -n -m email@example.com --agree-tos --no-eff-email --preferred-challenges dns --expand --rsa-key-size 4096 --key-type rsa --elliptic-curve secp384r1 --dns-cloudflare --dns-cloudflare-propagation-seconds 30 --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com,*.example.com

ECDSA certificate

> certbot certonly -n -m email@example.com --agree-tos --no-eff-email --preferred-challenges dns --expand --rsa-key-size 4096 --key-type ecdsa --elliptic-curve secp384r1 --dns-cloudflare --dns-cloudflare-propagation-seconds 30 --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com,*.example.com
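
Both commands read the Cloudflare API secret from the file given to --dns-cloudflare-credentials. The following is an added example, not part of the original page: a check that this file is readable only by its owner and uses a scoped API token rather than the global API key. The function name audit_cf_credentials is hypothetical; the key names dns_cloudflare_api_token and dns_cloudflare_api_key are assumed from the certbot-dns-cloudflare credentials format, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a certbot-dns-cloudflare credentials file.
# audit_cf_credentials FILE  (hypothetical helper name)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_cf_credentials() {
    f=$1
    findings=0
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "ERROR: $f is missing or unreadable"
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # -L follows a symlink so the target's mode is what gets checked.
    mode=$(ls -ldL -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FINDING: $f is accessible to group/other ($mode); run: chmod 600 $f"
        findings=1
    fi

    # Drop comment lines and extract key names only; secret values are never printed.
    keys=$(sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*\([A-Za-z_]*\)[[:space:]]*=.*/\1/p' "$f")

    if echo "$keys" | grep -qx 'dns_cloudflare_api_key'; then
        echo "FINDING: global API key in use; prefer a token limited to Zone:DNS:Edit"
        findings=1
    fi
    if ! echo "$keys" | grep -qx -e 'dns_cloudflare_api_token' -e 'dns_cloudflare_api_key'; then
        echo "FINDING: no dns_cloudflare_api_token entry found"
        findings=1
    fi
    return $findings
}

# Constructed sample: a world-readable file that uses the global API key.
demo=$(mktemp)
printf 'dns_cloudflare_email = admin@example.com\ndns_cloudflare_api_key = PLACEHOLDER\n' > "$demo"
chmod 644 "$demo"
audit_cf_credentials "$demo" || echo "exit status: $?"
rm -f "$demo"
```

On a real host the call would be audit_cf_credentials /etc/letsencrypt/cloudflare.ini, run before the first certbot invocation and again from the renewal job.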

List the certificates managed by certbot

> certbot certificates

Renew all certificates

> certbot renew

Use --dry-run and --test-cert to test (see the man page)
Use --force-renewal to force a renewal

let_s_encrypt.txt · Last modified: 2021/05/17 20:31 by david