Letsencrypt

Notes

  • Make sure you have a basic working Apache environment before running letsencrypt
  • Letsencrypt can only parse files with ONE vhost definition!
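
The one-vhost-per-file limit from the note above can be checked before running letsencrypt. This script is an added example, not part of the original notes: it counts active opening VirtualHost tags per file, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list Apache site files that
# define more than one <VirtualHost>, which the note says letsencrypt cannot parse.

# Print the number of active (non-commented) <VirtualHost ...> opening tags.
count_vhosts() {
    grep -Eic '^[[:space:]]*<VirtualHost[[:space:]>]' "$1" || true
}

# Print "COUNT PATH" for every regular file in DIR with more than one vhost.
multi_vhost_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=$(count_vhosts "$f")
        if [ "$n" -gt 1 ]; then
            printf '%s %s\n' "$n" "$f"
        fi
    done
    return 0
}

# Constructed sample files, written to a temp dir so the script runs offline.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/single.conf" <<'EOF'
<VirtualHost *:80>
  ServerName www.example.com
</VirtualHost>
# <VirtualHost *:8080> commented out, not counted
EOF
    cat > "$d/combined.conf" <<'EOF'
<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName www.example.com
  </VirtualHost>
</IfModule>
<virtualhost *:80>
  ServerName www.example.com
</virtualhost>
EOF
    printf '%s\n' "$d"
}

# Pass a directory such as /etc/apache2/sites-enabled; default is the samples.
dir=${1:-$(make_samples)}
multi_vhost_files "$dir"
```

Any file it lists should be split into one vhost per file, or handled with the manual certonly procedure further down.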

Ubuntu 16.04

  • https://certbot.eff.org/
  • apt-get install python-letsencrypt-apache
  • letsencrypt --apache
  • vi /etc/crontab
    • # Letsencrypt https certificate update
      23 5,20 * * *   root    letsencrypt renew > /dev/null
      # some options: letsencrypt --quiet --no-self-upgrade renew 
  • Test at https://www.ssllabs.com/ssltest/

Apache only ssl

  • vi /etc/apache2/ports.conf
    • Comment out "Listen 80"
  • Deactivate all sites except /etc/apache2/sites-available/000-default-le-ssl.conf
  • vi /etc/apache2/sites-available/000-default-le-ssl.conf

Ubuntu 14.04

Installation

  • Make sure apache configs are ok and apache restart works without problems
  • cd /usr/local/bin
  • wget https://dl.eff.org/certbot-auto
  • chmod a+x certbot-auto
  • certbot-auto
  • vi /etc/crontab
    • # Renew letsencrypt https certificates
      33 11,22 * * *   root certbot-auto renew --quiet --no-self-upgrade

Manual Certificates

  • certbot-auto certonly --apache --domains www.example.com
    • -> at vhost selection type "c" to cancel
  • vi /etc/apache2/sites-available/example.com
    • <IfModule mod_ssl.c>
      <VirtualHost *:443>
        ...
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
      </VirtualHost>
      </IfModule>
      
      
      # Alternative names and force ssl redirect
      <VirtualHost *:80>
        ServerName www.example.com
        ServerAlias example.com
        RewriteEngine on
        RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,QSA,R=permanent]
      </VirtualHost>
  • apache2ctl configtest
  • apache2ctl restart