etc
Renewal

You're viewing old version number 5. - Current version

1 min

Using let's encrypt at digital ocean

as of sep 26, 2016, i'm still using ubuntu 12.04.


followed instructions at:
https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

sudo service nginx stop

cd /opt/letsencrypt

sudo ./letsencrypt-auto certonly --standalone

(numerous ubuntu packages may be updated)

(then a text-based app will start. answer prompts, such as adding domain names.)

Note that if you want a single cert to work with multiple domain names (e.g. example.com and www.example.com (link is external)), be sure to include all of them.

(if successful, the terminal app exits. the following info was displayed to me.)

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/soupmode.com/fullchain.pem. Your cert will
expire on 2016-12-25. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew all of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The files themselves are placed in a subdirectory in/etc/letsencrypt/archive. However, Let's Encrypt creates symbolic links to the most recent certificate files in the /etc/letsencrypt/live/your_domain_name directory. Because the links will always point to the most recent certificate files, this is the path that you should use to refer to your certificate files.
ssl_certificate /etc/letsencrypt/live/www.reinisfischer.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.reinisfischer.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

etc

https://letsencrypt.org/getting-started/

https://certbot.eff.org/#ubuntuother-nginx

https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

Renewal

Renewed on Sat, Dec 24, 2016:


soupmode:/opt/letsencrypt# service nginx stop
Stopping nginx: nginx.
soupmode:/opt/letsencrypt# ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/soupmode.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for soupmode.com
tls-sni-01 challenge for www.soupmode.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/soupmode.com/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/soupmode.com/fullchain.pem (success)
soupmode:/opt/letsencrypt# service nginx start


From viewing the cert info via chrome browser:

Issued On 12/24/16
Expires On 3/24/17

From JR's : articles
328 words - 3615 chars - 1 min read
created on
updated on - #
source - versions



A     A     A     A     A

© 2013-2017 JotHut - Online notebook

current date: Dec 25, 2024 - 10:59 a.m. EST