
Letsencrypt

Notes

  • Make sure you have a basic working Apache environment before running letsencrypt
  • Letsencrypt can only parse files with ONE vhost definition!
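
A pre-flight check for the one-vhost-per-file note above, as an added example that is not part of the original notes or of certbot. The function names, the sample files and the directory argument (for instance /etc/apache2/sites-enabled) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the "ONE vhost definition per file" note.
# Assumption: site files live in one directory, e.g. /etc/apache2/sites-enabled.

# count_vhosts FILE: print the number of opening <VirtualHost ...> tags.
# Commented-out lines do not match; the match is case-insensitive, as in Apache.
count_vhosts() {
    awk 'tolower($0) ~ /^[ \t]*<virtualhost[ \t>]/ { n++ } END { print n + 0 }' "$1"
}

# multi_vhost_files DIR: print "COUNT FILE" for every file with more than one
# vhost. Returns 1 if any such file exists, 0 if every file is safe to parse.
multi_vhost_files() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=$(count_vhosts "$f")
        if [ "$n" -gt 1 ]; then
            printf '%s %s\n' "$n" "$f"
            found=1
        fi
    done
    return "$found"
}

# make_sample DIR: write two constructed site files for a dry run.
make_sample() {
    printf '%s\n' '<VirtualHost *:80>' '  ServerName a.example.com' \
        '</VirtualHost>' '#<VirtualHost *:8080>' > "$1/single.conf"
    printf '%s\n' '<VirtualHost *:443>' '</VirtualHost>' \
        '  <virtualhost *:80>' '</virtualhost>' > "$1/double.conf"
}

# With an argument: check that directory. Without: dry run on the sample.
if [ "$#" -gt 0 ]; then
    multi_vhost_files "$1"
else
    tmp=$(mktemp -d) && make_sample "$tmp"
    multi_vhost_files "$tmp" || echo "split the files listed above first"
    rm -rf "$tmp"
fi
```

Run it with the sites directory as the only argument before letsencrypt --apache; a non-zero exit status means at least one file holds several vhost definitions.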

Ubuntu 16.04

  • https://certbot.eff.org/
  • apt-get install python-letsencrypt-apache
  • letsencrypt --apache
  • vi /etc/crontab
    • # Letsencrypt https certificate update
      23 5,20 * * *   root    letsencrypt renew > /dev/null
      # some options: letsencrypt --quiet --no-self-upgrade renew 
  • Test at https://www.ssllabs.com/ssltest/

Apache only ssl

  • vi /etc/apache2/ports.conf
    • Comment out "Listen 80"
  • Deactivate all sites except /etc/apache2/sites-available/000-default-le-ssl.conf
  • vi /etc/apache2/sites-available/000-default-le-ssl.conf

Ubuntu 14.04

Installation

  • Make sure apache configs are ok and apache restart works without problems
  • cd /usr/local/bin
  • wget https://dl.eff.org/certbot-auto
  • chmod a+x certbot-auto
  • certbot-auto
  • vi /etc/crontab
    • # Renew letsencrypt https certificates
      33 11,22 * * *   root certbot-auto renew --quiet --no-self-upgrade

Manual Certificates

  • certbot-auto certonly --apache --domains www.example.com
    • -> at vhost selection type "c" to cancel
  • vi /etc/apache2/sites-available/example.com
    • <IfModule mod_ssl.c>
      <VirtualHost *:443>
        ...
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
      </VirtualHost>
      </IfModule>
      
      
      # Alternative names and force ssl redirect
      <VirtualHost *:80>
        ServerName www.example.com
        ServerAlias example.com
        RewriteEngine on
        RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,QSA,R=permanent]
      </VirtualHost>
  • apache2ctl configtest
  • apache2ctl restart

Upgrade from Ubuntu 12.04 to 14.04

  • Error:
    • Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt: 
      Traceback (most recent call last):
        File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
          from certbot.main import main
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 11, in <module>
          from acme import jose
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
          from acme.jose.interfaces import JSONDeSerializable
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
          from acme.jose import util
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/jose/util.py", line 5, in <module>
          import OpenSSL
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
          from OpenSSL import rand, crypto, SSL
        File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1, in <module>
          import datetime
      ImportError: No module named datetime
  • mv /opt/eff.org/certbot /opt/eff.org/certbot.old
  • certbot-auto