MoinMoin Logo
  • Comments
  • Immutable Page
  • Menu
    • Navigation
    • RecentChanges
    • FindPage
    • Local Site Map
    • Help
    • HelpContents
    • HelpOnMoinWikiSyntax
    • Display
    • Attachments
    • Info
    • Raw Text
    • Print View
    • Edit
    • Load
    • Save
  • Login

Navigation

  • Start
  • Sitemap

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

Revision 8 as of 2023-10-11 20:49:30
  • certbot

certbot

  • https://certbot.eff.org/

  • https://letsencrypt.org/docs/client-options/

https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-wildcard-certificates Yes. Wildcard issuance must be done via ACMEv2 using the DNS-01 challenge. See this post for more technical information.

Install

   1 wget https://dl.eff.org/certbot-auto
   2 sudo mv certbot-auto /usr/local/bin/certbot-auto
   3 sudo chown root /usr/local/bin/certbot-auto
   4 sudo chmod 0755 /usr/local/bin/certbot-auto
   5 certbot-auto

Get cert to domain www.example.org (nginx)

   1 /usr/local/bin/certbot-auto certonly --webroot
   2 #Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'to cancel): www.example.org
   3 # - Congratulations! Your certificate and chain have been saved at:
   4 #   /etc/letsencrypt/live/www.example.org/fullchain.pem
   5 #   Your key file has been saved at:
   6 #   /etc/letsencrypt/live/www.example.org/privkey.pem
   7 cd /etc/letsencrypt/live/www.example.org/
   8 cat cert.pem  > www_ca_bundle.crt
   9 echo "" >> www_ca_bundle.crt 
  10 cat  chain.pem >> www_ca_bundle.crt
  11 cp privkey.pem /etc/ssl/private/www_private.key 
  12 cp www_ca_bundle.crt /etc/ssl/certs/www_ca_bundle.crt
  13 nano /etc/nginx/sites-enabled/www.example.org
  14 # ssl_certificate /etc/ssl/certs/www_ca_bundle.crt;
  15 # ssl_certificate_key /etc/ssl/private/www_private.key;
  16 # change paths ...
  17 service nginx restart

Get cert to domain using other webroot

   1 cd /etc/nginx/sites-available
   2 cp other.example.org other.example.org.ori 
   3 cp www.example.org other.example.org
   4 sed -i 's/server_name www.example.org/server_name other.example.org/g' other.example.org
   5 cat other.example.org
   6 # restart nginx
   7 service nginx restart
   8 
   9 /usr/local/bin/certbot-auto certonly --webroot
  10 # Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): other.example.org
  11 # Input the webroot for other.example.org: (Enter 'c' to cancel): /var/www/www.example.org
  12 # Congratulations! Your certificate and chain have been saved at:
  13 #   /etc/letsencrypt/live/other.example.org/fullchain.pem
  14 #   Your key file has been saved at:
  15 #   /etc/letsencrypt/live/other.example.org/privkey.pem
  16 
  17 cp /etc/nginx/sites-available/other.example.org.ori  /etc/nginx/sites-available/other.example.org
  18 cd  /etc/letsencrypt/live/other.example.org/
  19 cat cert.pem  > other_certificate_bundle.crt;
  20 echo "" >> other_certificate_bundle.crt;
  21 cat  chain.pem >> other_certificate_bundle.crt;
  22 cp privkey.pem /etc/ssl/private/other_private.key 
  23 cp other_certificate_bundle.crt /etc/ssl/certs/other_certificate_bundle.crt;
  24 service nginx restart

Install on Ubuntu with snap

   1 sudo snap install core
   2 sudo snap refresh core
   3 sudo snap install --classic certbot
   4 sudo ln -s /snap/bin/certbot /usr/bin/certbot
   5 certbot --nginx
  • MoinMoin Powered
  • Python Powered
  • GPL licensed
  • Valid HTML 4.01