Difference between revisions of "Let's Encrypt"

From RHS Wiki

Revision as of 10:31, 21 January 2019

Let's Encrypt

Install

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
sudo apt-get install python-certbot-nginx  # for nginx

Create new certificate

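sudo certbot certonly --standalone  # standalone: certbot runs its own temporary web server
sudo certbot --nginx -d example.com -d www.example.com  # nginx plugin: obtain and install the certificate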

Test certificate renewal

sudo certbot renew --dry-run

Renew certificates

sudo certbot renew

Crontab renewal

$ sudo crontab -e
# Run at 07:00 and 19:00. A "*" in the minute field would run every minute of those hours.
0 7,19 * * * certbot -q renew

Docs

https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates

## How to create a self-signed SSL certificate
1. Copy your openssl.cnf.
 
  ```
  cp /etc/pki/tls/openssl.cnf ./
  ```

2. Modify the configuration file template at ./openssl.cnf and make the following changes:
  - In section [req]

  ```
  req_extensions = v3_req # The extensions to add to a certificate request
  ```

  - In section [v3_req]

  ```
  subjectAltName = @alt_names
  ```

  - At the end of the configuration file

  ```
  [ alt_names ]
  DNS.1 = hostname.example.com
  ```

3. Generate your certificate key
 
  ```
  openssl genrsa -out hostname.example.com.key 2048
  ```

4. Use the certificate key and the new openssl.cnf file to create a Certificate Signing Request (CSR):
  
  ```
  openssl req -new -key hostname.example.com.key -out hostname.example.com.csr -extensions v3_req -config openssl.cnf
  ```
  
5. You may either use the generated CSR to obtain a signed certificate from a recognized Certificate Authority (CA) or, for testing purposes, use it to generate a self-signed certificate as follows:
  - Create a new configuration file, v3.cnf, that can host the information for the v3 requirements. Edit it to contain the following lines:
 
  ```
  [v3_req]
  subjectAltName = @alt_names
  [alt_names]
  DNS.1 = hostname.example.com
  ```
  
  - Run the following OpenSSL command to generate a self-signed certificate using the CSR and your local key:
 
  ```
  openssl x509 -req -days 365 -in hostname.example.com.csr -signkey hostname.example.com.key -out hostname.example.com.crt -extensions v3_req -extfile v3.cnf
  ```
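
The script below is an added example, not part of the original wiki page. It checks the files produced by steps 3 to 5: that the subjectAltName survived into the CSR and the certificate, that the certificate matches the private key, and how long it stays valid. The function names and the minimal config used to build the constructed sample files are assumptions; the comparison certificate shows that omitting `-extfile` in step 5 silently drops the SAN.

```sh
#!/bin/sh
# Added example: post-issuance checks for the key, CSR and certificate from
# steps 3-5. Function names are hypothetical helpers, not OpenSSL commands.

# Print the DNS entries of the subjectAltName extension, one per line.
# $1 = PEM file, $2 = "x509" (certificate) or "req" (CSR)
san_names() {
  openssl "$2" -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds only if hostname $3 is listed in the SAN of file $1 (type $2).
has_san() { san_names "$1" "$2" | grep -Fxq -- "$3"; }

# Succeeds only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if certificate $1 is still valid $2 days from now.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample input: repeat steps 3-5 in directory $1 with a minimal
# config, plus one certificate signed WITHOUT -extfile for comparison.
make_sample() {
  sd=$1; sh_name=hostname.example.com
  printf '%s\n' '[req]' 'distinguished_name = dn' 'req_extensions = v3_req' \
    '[dn]' 'commonName = Common Name' '[v3_req]' \
    'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $sh_name" \
    > "$sd/openssl.cnf"
  # umask 077 keeps the private key readable by its owner only.
  ( umask 077; openssl genrsa -out "$sd/$sh_name.key" 2048 ) 2>/dev/null
  openssl req -new -key "$sd/$sh_name.key" -out "$sd/$sh_name.csr" \
    -subj "/CN=$sh_name" -extensions v3_req -config "$sd/openssl.cnf"
  openssl x509 -req -days 365 -in "$sd/$sh_name.csr" \
    -signkey "$sd/$sh_name.key" -out "$sd/$sh_name.crt" \
    -extensions v3_req -extfile "$sd/openssl.cnf" 2>/dev/null
  openssl x509 -req -days 365 -in "$sd/$sh_name.csr" \
    -signkey "$sd/$sh_name.key" -out "$sd/no-extfile.crt" 2>/dev/null
}
```

For real files, call for example `has_san hostname.example.com.crt x509 hostname.example.com` and `cert_matches_key hostname.example.com.crt hostname.example.com.key` after sourcing the script.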