Projekt

Allgemein

Profil

Letsencrypt » Historie » Version 6

Jeremias Keihsler, 22.09.2021 08:41

1 1 Jeremias Keihsler
h1. Letsencrypt
2
3 6 Jeremias Keihsler
another way of obtaining the Let's Enrcrypt - Certificates is via 'dehydrated' see also https://keihsler.com/redmine/projects/dw_os_cos8/wiki/Setup_dehydrated
4
5 1 Jeremias Keihsler
link-list:
6
7
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
8
https://www.centosblog.com/use-letsencrypt-free-ssl-certificate-centos-linux/
9
https://www.my-it-brain.de/wordpress/der-eigene-mailserver-tls-migration-zu-lets-encrypt/
10
https://www.kuketz-blog.de/certbot-lets-encrypt-tls-zertifikate-fuer-mailserver/
11
https://blog.tausys.de/2016/07/13/letsencrypt-zertifikate-fuer-dovecot-und-postfix/
12
https://community.letsencrypt.org/t/certs-for-mailserver-different-from-webserver/32216/7
13
https://community.letsencrypt.org/t/1-certificate-for-6-domains/49471
14
https://community.letsencrypt.org/t/multiple-domains-webroot-paths-using-webroot-plugin/7982/5
15
https://community.letsencrypt.org/t/installed-correctly-but-still-says-certificate-error-using-edge/49453/2
16 2 Jeremias Keihsler
17
18
taken from https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
19
20
* epel
21
22
yum install epel-release
23
24
*install
25
26
yum install httpd mod_ssl python-certbot-apache
27
28
yum install certbot
29
30
* apache service
31
32
systemctl start httpd
33
systemctl enable httpd
34
35
* firewall
36
37
firewall-cmd --permanent --zone=public --add-service=http
38
firewall-cmd --permanent --zone=public --add-service=https
39
firewall-cmd --reload
40
41
* test apache service
42
43
curl example.com
44
curl -k https://example.com
45
46 3 Jeremias Keihsler
/opt/eff.org/certbot/venv/bin/certbot --apache -d example.com -d www.example.com
47 4 Jeremias Keihsler
48
h2. renew cert for nginx
49
50
<pre><code class="shell">
51
certbot renew --post-hook '/usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'
52
</code></pre>
53 5 Jeremias Keihsler
54
h2. troubleshooting
55
56
when there are multiple domains double check *.conf in @/etc/letsencrypt/renewal@ especially the section @[[webroot_map]]@