let_s_encrypt

Differences

This shows the differences between two versions of the page.

let_s_encrypt [2021/05/17 20:28]
david [Configuration]
let_s_encrypt [2021/05/17 20:31] (current)
david [Configuration]
Zeile 1: Zeile 1:
 +====== Let's Encrypt ======
  
 +===== Certbot =====
 +
 +  * [[https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx]]
 +  * [[https://certbot.eff.org/docs/install.html]]
 +
 +
 +==== Installation ====
 +
 +=== Ubuntu ===
 +
 +mit snapd installieren
 +
 +=== FreeBSD ===
 +
 +Paketnamen:
 +  security/py-certbot
 +  security/py-certbot-dns-cloudflare
 +
 +<file bash>
 +Installing py37-certbot-1.14.0,1...
 +This port installs the "standalone" client only, which does not use and
 +is not the certbot-auto bootstrap/wrapper script.
 +
 +The simplest form of usage to obtain certificates is:
 +
 + # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>
 +
 +NOTE:
 +
 +The client requires the ability to bind on TCP port 80 or 443 (depending
 +on the --preferred-challenges option used). If a server is running on that
 +port, it will need to be temporarily stopped so that the standalone server
 +can listen on that port to complete the challenge authentication process.
 +
 +For more information on the 'standalone' mode, see:
 +
 +  https://certbot.eff.org/docs/using.html#standalone
 +
 +The certbot plugins to support apache and nginx certificate installation
 +will be made available in the following ports:
 +
 + * Apache plugin: security/py-certbot-apache
 + * Nginx plugin: security/py-certbot-nginx
 +
 +In order to automatically renew the certificates, add this line to
 +/etc/periodic.conf:
 +
 +    weekly_certbot_enable="YES"
 +
 +More config details in the certbot periodic script:
 +
 +    /usr/local/etc/periodic/weekly/500.certbot-3.7
 +
 +</file>
 +
 +==== Konfiguration ====
 +
 +    * https://certbot.eff.org/docs/using.html
 +
 +
 +beispielaufruf mit cloudflare plugin (email und domain ersetzen)
 +
 +  Möglichkeiten für ''-****-key-type'': ''rsa'' oder ''ecdsa''
 +  Möglichkeiten für ''-****-elliptic-curve'': ''secp521r1'', ''secp384r1'' oder ''secp256r1''
 +
 +RSA Zertifikat
 +  > certbot certonly -n -m email@example.com --agree-tos --no-eff-email --preferred-challenges dns --expand --rsa-key-size 4096 --key-type rsa --elliptic-curve secp384r1 --dns-cloudflare --dns-cloudflare-propagation-seconds 30 --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com,*.example.com
 +
 +ECDSA Zertifikat
 +  > certbot certonly -n -m email@example.com --agree-tos --no-eff-email --preferred-challenges dns --expand --rsa-key-size 4096 --key-type ecdsa --elliptic-curve secp384r1 --dns-cloudflare --dns-cloudflare-propagation-seconds 30 --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com,*.example.com
 +
 +zertifikate auflisten die von certbot gemanaged werden
 +  > certbot certificates
 +
 +alle zertifikate erneuern
 +  > certbot renew
 +
 +mit ''-****-dry-run'' und ''-****-test-cert'' kann man testen (siehe man page) \\
 +mit ''-****-force-renewal'' kann man eine Erneuerung erzwingen
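Review bot: In the two `certbot certonly` examples under "Konfiguration", both the RSA and the ECDSA command pass `--rsa-key-size 4096` and `--elliptic-curve secp384r1`, so each line carries one option that does not apply to its key type and a reader cannot tell which parameter sets the key strength. Suggest keeping only `--key-type rsa --rsa-key-size 4096` in the RSA line and only `--key-type ecdsa --elliptic-curve secp384r1` in the ECDSA line. Both examples also point `--dns-cloudflare-credentials` at `/etc/letsencrypt/cloudflare.ini` without saying that this file holds the Cloudflare API credentials; a line stating that it should be readable by root only (for example mode 600) would fit next to the commands. The option names in the notes show up as `-****-key-type`, `-****-elliptic-curve`, `-****-dry-run`, `-****-test-cert` and `-****-force-renewal`; they should render with a plain double dash.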
let_s_encrypt.txt · Last modified: 2021/05/17 20:31 by david