Page History
...
The certificate is issued for 3 months. The script that checks for renewals needed is running twice a day on a random minute from /etc/cron.d/certbot
.
Code Block |
---|
# Latest install instructions available at: https://certbot.eff.org/lets-encrypt sudo apt-get update sudo apt-get install software-properties-common sudo python-letsencryptadd-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-apache # register and request first certificate, but do not change Apache configuration (we'll do it manually) sudo letsencrypt --apache certonly Enter email address (used for urgent notices and lost key recovery) sysadmin@duraspace.org Which names would you like to activate HTTPS for? [*] demo.dspace.org IMPORTANT NOTES: - If you lose your account credentials, you can recover through e-mails sent to sysadmin@duraspace.org. - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/demo.dspace.org/fullchain.pem. Your cert will expire on 2017-01-04. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal. # replace self-signed certificates with Let's Encrypt certificates sudo vim /etc/apache2/sites-enabled/25-ssl-demo.dspace.org.conf ## SSL directives SSLEngine on # SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem" # SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key" # SSLCACertificatePath "/etc/ssl/certs" SSLCertificateFile /etc/letsencrypt/live/demo.dspace.org/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo.dspace.org/privkey.pem SSLCACertificateFile /etc/letsencrypt/live/demo.dspace.org/fullchain.pem # test renewal (dry run) sudo letsencrypt renew --dry-run --agree-tos # set up renewal from cron sudo vim /etc/cron.d/certbot # /etc/cron.d/certbot: crontab entries for the certbot package # # Upstream recommends attempting renewal twice a day # # Eventually, this will be an opportunity to validate certificates # haven't been revoked, etc. Renewal will only occur if expiration # is within 30 days. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 */12 * * * root test -x /usr/bin/letsencrypt && perl -e 'sleep int(rand(3600))' && letsencrypt -n renew --agree-tos |
...
Overview
Content Tools