Page History
...
Code Block |
---|
sudo apt-get install python-letsencrypt-apache # register and request firt certificate, but do not change Apache configuration (we'll do it manually) sudo letsencrypt --apache certonly Enter email address (used for urgent notices and lost key recovery) sysadmin@duraspace.org Which names would you like to activate HTTPS for? [*] demo.dspace.org IMPORTANT NOTES: - If you lose your account credentials, you can recover through e-mails sent to sysadmin@duraspace.org. - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/demo.dspace.org/fullchain.pem. Your cert will expire on 2017-01-04. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal. # replace self-signed certificates with Let's Encrypt certificates sudo vim /etc/apache2/sites-enabled/25-ssl-demo.dspace.org.conf ## SSL directives SSLEngine on # SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem" # SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key" # SSLCACertificatePath "/etc/ssl/certs" SSLCertificateFile /etc/letsencrypt/live/demo.dspace.org/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo.dspace.org/privkey.pem SSLCACertificateFile /etc/letsencrypt/live/demo.dspace.org/fullchain.pem # test renewal (dry run) sudo letsencrypt renew --dry-run --agree-tos # set up renewal from cron sudo vim /etc/cron.d/certbot # /etc/cron.d/certbot: crontab entries for the certbot package # # Upstream recommends attempting renewal twice a day # # Eventually, this will be an opportunity to validate certificates # haven't been revoked, etc. Renewal will only occur if expiration # is within 30 days. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 */12 * * * root test -x /usr/bin/letsencrypt && perl -e 'sleep int(rand(3600))' && letsencrypt -qn renew --agree-tos |
Overview
Content Tools