Using let's encrypt at digital ocean
as of sep 26, 2016, i'm still using ubuntu 12.04.
followed instructions at:
https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
sudo service nginx stop
cd /opt/letsencrypt
sudo ./letsencrypt-auto certonly --standalone
(numerous ubuntu packages may be updated)
(then a text-based app will start. answer prompts, such as adding domain names.)
Note that if you want a single cert to work with multiple domain names (e.g. example.com and www.example.com (link is external)), be sure to include all of them.
(if successful, the terminal app exits. the following info was displayed to me.)
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/soupmode.com/fullchain.pem. Your cert will
expire on 2016-12-25. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew all of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The files themselves are placed in a subdirectory in/etc/letsencrypt/archive. However, Let's Encrypt creates symbolic links to the most recent certificate files in the /etc/letsencrypt/live/your_domain_name directory. Because the links will always point to the most recent certificate files, this is the path that you should use to refer to your certificate files.
ssl_certificate /etc/letsencrypt/live/www.reinisfischer.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.reinisfischer.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
etc
https://letsencrypt.org/getting-started/
https://certbot.eff.org/#ubuntuother-nginx
https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204
Renewal
Renewed on Sat, Dec 24, 2016:
soupmode:/opt/letsencrypt# service nginx stop
Stopping nginx: nginx.
soupmode:/opt/letsencrypt# ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/soupmode.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for soupmode.com
tls-sni-01 challenge for www.soupmode.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/soupmode.com/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/soupmode.com/fullchain.pem (success)
soupmode:/opt/letsencrypt# service nginx start
From viewing the cert info via chrome browser:
Issued On 12/24/16
Expires On 3/24/17
- i used the above instructions to renew manually on mar 24, 2017. cert info now states:
Issued On 3/24/17
Expires On 6/22/17
within the final month or so of the current cert, i receive automated emails from let's encrypt, reminding me that the cert expires on a set date. I receive at least three reminders.
renewed june 24, 2017.
From JR's : articles
385 words - 3954 chars
- 2 min read
created on
updated on
- #
source
- versions
- backlinks