10:31, 21 January 2019
= Let's Encrypt =
== Install ==
 sudo add-apt-repository ppa:certbot/certbot
 sudo apt-get update
 sudo apt-get install certbot
 sudo apt-get install python-certbot-nginx  # for nginx
== Create new certificate ==
 sudo certbot certonly --standalone
 sudo certbot --nginx -d example.com -d www.example.com
== Test certificate renewal ==
 sudo certbot renew --dry-run
== Renew certificates ==
 sudo certbot renew
== Crontab renewal ==
 $ sudo crontab -e
 # Run at 07:00 and 19:00; a "*" in the minute field would run the job every minute of those hours
 0 7,19 * * * certbot -q renew
== Docs ==
https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates
<source lang="markup">## How to create a self-signed SSL certificate
1. Copy your openssl.cnf.
```
cp /etc/pki/tls/openssl.cnf ./
```
2. Modify the configuration file template at ./openssl.cnf and make the following changes:
- In section [req]
```
req_extensions = v3_req # The extensions to add to a certificate request
```
- In section [v3_req]
```
subjectAltName = @alt_names
```
- At the end of the configuration file
```
[ alt_names ]
DNS.1 = hostname.example.com
```
3. Generate your certificate key
```
openssl genrsa -out hostname.example.com.key 2048
```
4. Use the certificate key and the new openssl.cnf file to create a Certificate Signing Request (CSR):
```
openssl req -new -key hostname.example.com.key -out hostname.example.com.csr -extensions v3_req -config openssl.cnf
```
5. You may either use the generated CSR to obtain a signed certificate from a recognized Certificate Authority (CA) or, for testing purposes, use it to generate a self-signed certificate as follows:
- Create a new configuration file, v3.cnf, that can host the information for the v3 requirements. Edit it to contain the following lines:
```
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = hostname.example.com
```
- Run the following OpenSSL command to generate a self-signed certificate using the CSR and your local key:
```
openssl x509 -req -days 365 -in hostname.example.com.csr -signkey hostname.example.com.key -out hostname.example.com.crt -extensions v3_req -extfile v3.cnf
```</source>
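The whole self-signed procedure as one script, followed by the check worth running afterwards: that the SAN actually appears in the issued certificate. This is an added example, not part of the original page; the inline config, the temp directory and the `noext` mode are assumptions, and `noext` shows that `openssl x509 -req` does not carry the CSR's SAN into the certificate unless `-extensions`/`-extfile` are given.

```shell
#!/bin/sh
# Added example, not from the original page. The [dn] section, the temp
# directory and the "noext" mode are assumptions made for the demonstration.

# make_cert HOST DIR [ext|noext]: write key, CSR and self-signed cert to DIR.
make_cert() {
    host=$1; dir=$2; mode=${3:-ext}
    # Constructed minimal stand-in for the edited openssl.cnf (steps 1-2).
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $host
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $host
EOF
    # v3.cnf from step 5.
    printf '[v3_req]\nsubjectAltName = @alt_names\n[alt_names]\nDNS.1 = %s\n' \
        "$host" > "$dir/v3.cnf"
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/$host.key" -out "$dir/$host.csr" \
        -extensions v3_req -config "$dir/openssl.cnf" || return 1
    # "noext" leaves out -extensions/-extfile to show what the cert then lacks.
    if [ "$mode" = ext ]; then
        set -- -extensions v3_req -extfile "$dir/v3.cnf"
    else
        set --
    fi
    openssl x509 -req -days 365 -in "$dir/$host.csr" -signkey "$dir/$host.key" \
        -out "$dir/$host.crt" "$@" 2>/dev/null
}

# has_san req|x509 FILE HOST: succeeds if FILE lists HOST as a DNS SAN.
has_san() {
    openssl "$1" -in "$2" -noout -text | grep -Fq "DNS:$3"
}

# Demo: run both modes and report where the SAN survives.
tmp=$(mktemp -d) && for m in ext noext; do
    make_cert hostname.example.com "$tmp" "$m" || break
    has_san req "$tmp/hostname.example.com.csr" hostname.example.com && c=yes || c=no
    has_san x509 "$tmp/hostname.example.com.crt" hostname.example.com && s=yes || s=no
    echo "mode=$m SAN-in-CSR=$c SAN-in-cert=$s"
done
rm -rf "$tmp"
```

Modern TLS clients match the hostname against the SAN rather than the CN, so a certificate that fails `has_san x509` will be rejected even though signing reported no error.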