SSL certificate instructions

From Bitpost wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

I am using free certificates from Let's Encrypt. Their certbot app does all the heavy lifting, nice. Details:

m@case:~/development/config/bitpost/etc/letsencrypt$ cat README 

INSTALL ON GENTOO

   emerge -av app-crypt/certbot app-crypt/certbot-apache

INSTALL INITIAL CERTS INTO APACHE ON GENTOO

   certbot --apache
   (pick base urls of all configurations found)
   (cerbot generates certs in /etc/letsencrypt/archive/....)
   (certbot sets up symlinks in /etc/letsencrypt/live/#HOSTNAME#/*.pem)
   (certbot updates apache ssl configs to point there)
   emacs the config file and break out chain:

RENEW ALL CERTS

   # NOTE this runs once a month in crontab
   ~/development/scripts/gentoo/bitpost/root/renew_ssl_certs_as_needed.sh

UPGRADE ALL CERTS TO 4096

(haven't done this yet, may impact performance a bit)

   certbot renew --force-renewal --rsa-key-size 4096

NOTE Through 2016, I used StartCom.