LetsEncryptClient
Instructions for installing and using the client that generates Let's Encrypt certificates.
Essentially, repeat the procedure described on root.cz
http://www.root.cz/clanky/let-s-encrypt-v-praxi-jak-jsem-presel-na-https/
1. Create the user
# adduser letsencrypt
# su - letsencrypt
2. Download the current version.
$ git clone https://github.com/letsencrypt/letsencrypt
3. Add to sudoers
letsencrypt ALL=NOPASSWD:/home/letsencrypt/letsencrypt/bootstrap/, /sbin/service nginx reload
4. Run letsencrypt-auto --debug; it pulls in further dependencies via yum and installs a Python virtualenv.
$ ./letsencrypt/letsencrypt-auto --debug
5. Create the required directories in the letsencrypt user's home
$ mkdir -p etc lib log webroot
6. Edit the letsencrypt-auto file, adding the following at line 69
SUDO=
otherwise it keeps calling sudo even for operations that no longer need it.
7. Add an alias to Apache for domain validation during certificate creation.
Alias /.well-known/ /home/letsencrypt/webroot/.well-known/
<Directory "/home/letsencrypt/webroot/.well-known/">
AllowOverride None
Require all granted
</Directory>
For nginx it should be
location /.well-known/ {
root /home/letsencrypt/webroot/;
}
8. Create and edit the ini file at /home/letsencrypt/etc/configs/le-mail.uvt.cz.ini
$ cat le-mail.uvt.cz.ini
rsa-key-size = 2048
email = linux@uvt.cz
domains = mail.uvt.cz
authenticator = webroot
text = True
agree-tos = True
# ACME server (this URL is the production endpoint, not staging)
server = https://acme-v01.api.letsencrypt.org/directory
# This is the webroot directory of your domain in which
# letsencrypt will write a hash in /.well-known/acme-challenge directory.
webroot-path = /home/letsencrypt/webroot/
config-dir = /home/letsencrypt/etc
logs-dir = /home/letsencrypt/log
work-dir = /home/letsencrypt/lib
9. Generate the certificate
#!/bin/bash
./letsencrypt/letsencrypt-auto --debug certonly --config /home/letsencrypt/etc/configs/le-mail.uvt.cz.ini
10. The certificates are in /home/letsencrypt/etc
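
The sudoers rule in step 3 grants passwordless sudo on a directory inside the letsencrypt user's own home, and sudoers treats a spec ending in / as "any file in that directory", so whoever can write there decides what runs as root. The check below is an added example, not part of the original guide; it assumes the user's home is /home/<user> and that the rule is a single unwrapped line without escaped commas.

```shell
#!/bin/sh
# Added example (not from the original guide): audit one sudoers rule for
# command specs located in a tree the granted user can write to.
# Assumptions: home is /home/<user>; the rule is a single unwrapped line
# with no escaped commas.

# The rule from step 3, copied here as sample input.
SAMPLE_RULE='letsencrypt ALL=NOPASSWD:/home/letsencrypt/letsencrypt/bootstrap/, /sbin/service nginx reload'

# audit_sudoers_rule RULE
# Prints one verdict per command spec; exit status 1 if any spec is RISKY.
audit_sudoers_rule() (
    rule=$1
    rc=0
    set -f                      # no globbing while word-splitting
    set -- $rule
    home="/home/$1"             # first field of the rule is the user
    # Keep the text after "host=", then drop a runas spec and tags.
    cmds=$(printf '%s\n' "${rule#*=}" |
        sed -E 's/^ *(\([^)]*\) *)?([A-Z_]+: *)*//')
    IFS=,
    for spec in $cmds; do
        spec=$(printf '%s\n' "$spec" | sed -E 's/^ +| +$//g')
        path=${spec%% *}
        case $path in
            "$home"/*/) echo "RISKY dir-in-home $spec"; rc=1 ;;
            "$home"/*)  echo "RISKY file-in-home $spec"; rc=1 ;;
            */)         echo "REVIEW any-file-in-dir $spec" ;;
            *)          echo "OK $spec" ;;
        esac
    done
    exit "$rc"
)

audit_sudoers_rule "$SAMPLE_RULE" || echo "=> rule needs tightening before use"
```

Since step 6 sets SUDO= once the dependencies are installed, the bootstrap entry is only needed during step 4 and can be removed from sudoers afterwards, leaving just the nginx reload.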