SSL certificate instructions: Difference between revisions

From Bitpost wiki
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
I am using free certificates from [https://letsencrypt.org/getting-started/ Let's Encrypt].   
I am using free certificates from [https://letsencrypt.org/getting-started/ Let's Encrypt].  Their certbot app does all the heavy lifting, nice.  Details:


* Install [https://certbot.eff.org/#ubuntutyakkety-apache certbot] with:
m@case:~/development/config/bitpost/etc/letsencrypt$ cat README
 
 
 
certbot certonly --webroot -w /var/www/example/ -d www.example.com -d example.com -w /var/www/other -d other.example.net -d another.other.example.net


== INSTALL ON GENTOO ==
    emerge -av app-crypt/certbot app-crypt/certbot-apache


== INSTALL INITIAL CERTS INTO APACHE ON GENTOO ==
    certbot --apache
    (pick base urls of all configurations found)
    (cerbot generates certs in /etc/letsencrypt/archive/....)
    (certbot sets up symlinks in /etc/letsencrypt/live/#HOSTNAME#/*.pem)
    (certbot updates apache ssl configs to point there)
    emacs the config file and break out chain:


== RENEW ALL CERTS ==
    # NOTE this runs once a month in crontab
    ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh


== UPGRADE ALL CERTS TO 4096 ==
(haven't done this yet, may impact performance a bit)
    certbot renew --force-renewal --rsa-key-size 4096


NOTE Through 2016, I used [[StartCom]].
NOTE Through 2016, I used [[StartCom]].
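Review bot: In the RENEW ALL CERTS section, "this runs once a month in crontab" leaves little margin if renew_ssl_certs_as_needed.sh (its contents are not shown in this revision) relies on a plain certbot renew, which only renews certificates that are within 30 days of expiry: a certificate with just over 30 days left at one run can lapse before the next monthly run. Scheduling the job daily or weekly would close that gap, since runs that find nothing due make no changes. Separately, "emacs the config file and break out chain:" ends with a colon but nothing follows it, so the chain lines it refers to should be added after it.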

Latest revision as of 17:09, 28 January 2017

I am using free certificates from Let's Encrypt. Their certbot app does all the heavy lifting, nice. Details:

m@case:~/development/config/bitpost/etc/letsencrypt$ cat README 

INSTALL ON GENTOO

   emerge -av app-crypt/certbot app-crypt/certbot-apache

INSTALL INITIAL CERTS INTO APACHE ON GENTOO

   certbot --apache
   (pick base urls of all configurations found)
   (certbot generates certs in /etc/letsencrypt/archive/....)
   (certbot sets up symlinks in /etc/letsencrypt/live/#HOSTNAME#/*.pem)
   (certbot updates apache ssl configs to point there)
   emacs the config file and break out chain:

RENEW ALL CERTS

   # NOTE this runs once a month in crontab
   ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh

UPGRADE ALL CERTS TO 4096

(haven't done this yet, may impact performance a bit)

   certbot renew --force-renewal --rsa-key-size 4096

NOTE Through 2016, I used StartCom.
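
A complementary expiry check for the renewal step above, as an added example that is not part of the original README: it walks the /etc/letsencrypt/live/#HOSTNAME#/ layout that certbot sets up and reports any cert.pem that is close to expiry. The function name, the 14-day default threshold and the exit codes are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the README's renew_ssl_certs_as_needed.sh).
# Lists hosts under a certbot "live" directory whose cert.pem expires within
# MIN_DAYS, so a missed or failed scheduled renewal is noticed before expiry.
# Exit status: 0 = all certs fine, 1 = at least one expiring or unreadable,
#              2 = no cert.pem found (wrong directory or insufficient rights).
expiring_certs() {
    live_dir=${1:-/etc/letsencrypt/live}
    min_days=${2:-14}                 # assumed alert threshold
    seen=0
    flagged=0
    for pem in "$live_dir"/*/cert.pem; do
        # Skip an unmatched glob, but keep dangling symlinks so they get reported.
        [ -e "$pem" ] || [ -L "$pem" ] || continue
        seen=1
        host=$(basename "$(dirname "$pem")")
        # -checkend N exits non-zero if the cert expires within N seconds;
        # an unparsable or missing target also fails here and is reported.
        if ! openssl x509 -in "$pem" -noout \
                -checkend $((min_days * 86400)) >/dev/null 2>&1; then
            end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) \
                || end=unreadable
            printf '%s %s\n' "$host" "$end"
            flagged=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$flagged"
}
```

Run it as root, because /etc/letsencrypt/live is readable only by root by default; calling expiring_certs /etc/letsencrypt/live 14 from a separate cron entry gives a warning that does not depend on the renewal job itself succeeding.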