Versions Compared

Old Version 30

changes.mady.by.user Ivan Masár

Saved on

compared with

New Version 31

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
sudo apt-get install python-letsencrypt-apache
 
# register and request firt certificate, but do not change Apache configuration (we'll do it manually)
sudo letsencrypt --apache certonly

Enter email address (used for urgent notices and lost key recovery)
sysadmin@duraspace.org

Which names would you like to activate HTTPS for?
[*] demo.dspace.org

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to sysadmin@duraspace.org.
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demo.dspace.org/fullchain.pem. Your cert will
   expire on 2017-01-04. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.
 
# replace self-signed certificates with Let's Encrypt certificates
sudo vim /etc/apache2/sites-enabled/25-ssl-demo.dspace.org.conf
  ## SSL directives
  SSLEngine on
#  SSLCertificateFile      "/etc/ssl/certs/ssl-cert-snakeoil.pem"
#  SSLCertificateKeyFile   "/etc/ssl/private/ssl-cert-snakeoil.key"
#  SSLCACertificatePath    "/etc/ssl/certs"
  SSLCertificateFile    /etc/letsencrypt/live/demo.dspace.org/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/demo.dspace.org/privkey.pem
  SSLCACertificateFile  /etc/letsencrypt/live/demo.dspace.org/fullchain.pem
 
# test renewal (dry run)
sudo letsencrypt renew --dry-run --agree-tos
 
# set up renewal from cron
sudo vim /etc/cron.d/certbot
 
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/letsencrypt && perl -e 'sleep int(rand(3600))' && letsencrypt -qn renew --agree-tos