SSL certificate instructions: Difference between revisions

From Bitpost wiki
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
I am using free certificates from [https://letsencrypt.org/getting-started/ Let's Encrypt].  For details:
I am using free certificates from [https://letsencrypt.org/getting-started/ Let's Encrypt].  Their certbot app does all the heavy lifting, nice.  Details:


  m@case:~/development/config/bitpost/etc/letsencrypt$ cat README  
  m@case:~/development/config/bitpost/etc/letsencrypt$ cat README  
Line 15: Line 15:


== RENEW ALL CERTS ==
== RENEW ALL CERTS ==
    # NOTE this runs once a month in crontab
     ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh
     ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh



Latest revision as of 17:09, 28 January 2017

I am using free certificates from Let's Encrypt. Their certbot app does all the heavy lifting, nice. Details:

m@case:~/development/config/bitpost/etc/letsencrypt$ cat README 

INSTALL ON GENTOO

   emerge -av app-crypt/certbot app-crypt/certbot-apache

INSTALL INITIAL CERTS INTO APACHE ON GENTOO

   certbot --apache
   (pick base urls of all configurations found)
   (cerbot generates certs in /etc/letsencrypt/archive/....)
   (certbot sets up symlinks in /etc/letsencrypt/live/#HOSTNAME#/*.pem)
   (certbot updates apache ssl configs to point there)
   emacs the config file and break out chain:

RENEW ALL CERTS

   # NOTE this runs once a month in crontab
   ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh

UPGRADE ALL CERTS TO 4096

(haven't done this yet, may impact performance a bit)

   certbot renew --force-renewal --rsa-key-size 4096

NOTE Through 2016, I used StartCom.