Letsencrypt » History » Version 6
Jeremias Keihsler, 22.09.2021 08:41
h1. Letsencrypt

Another way of obtaining Let's Encrypt certificates is via 'dehydrated'; see also https://keihsler.com/redmine/projects/dw_os_cos8/wiki/Setup_dehydrated

link-list:

* https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
* https://www.centosblog.com/use-letsencrypt-free-ssl-certificate-centos-linux/
* https://www.my-it-brain.de/wordpress/der-eigene-mailserver-tls-migration-zu-lets-encrypt/
* https://www.kuketz-blog.de/certbot-lets-encrypt-tls-zertifikate-fuer-mailserver/
* https://blog.tausys.de/2016/07/13/letsencrypt-zertifikate-fuer-dovecot-und-postfix/
* https://community.letsencrypt.org/t/certs-for-mailserver-different-from-webserver/32216/7
* https://community.letsencrypt.org/t/1-certificate-for-6-domains/49471
* https://community.letsencrypt.org/t/multiple-domains-webroot-paths-using-webroot-plugin/7982/5
* https://community.letsencrypt.org/t/installed-correctly-but-still-says-certificate-error-using-edge/49453/2

taken from https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

* epel

<pre><code class="shell">
yum install epel-release
</code></pre>

* install

<pre><code class="shell">
yum install httpd mod_ssl python-certbot-apache
yum install certbot
</code></pre>

* apache service

<pre><code class="shell">
systemctl start httpd
systemctl enable httpd
</code></pre>

* firewall

<pre><code class="shell">
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
</code></pre>

* test apache service

<pre><code class="shell">
curl example.com
# -k skips certificate verification; use it only for this check before the certificate is issued
curl -k https://example.com
</code></pre>

* obtain and install the certificate

<pre><code class="shell">
/opt/eff.org/certbot/venv/bin/certbot --apache -d example.com -d www.example.com
</code></pre>

h2. renew cert for nginx

<pre><code class="shell">
certbot renew --post-hook '/usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'
</code></pre>

h2. troubleshooting

When there are multiple domains, double-check the @*.conf@ files in @/etc/letsencrypt/renewal@, especially the @[[webroot_map]]@ section.
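
One way to run that check before a renewal, as an added example that is not part of the original wiki page: it lists the @[[webroot_map]]@ entries of a renewal file and flags every expected domain that has no entry or whose mapped directory does not exist. The function names, status words and the sample renewal file are assumptions constructed for illustration; the domain names on the certificate are passed as arguments.

```shell
# Added example (not from the wiki page): audit [[webroot_map]] in a renewal file.
# Print "domain<TAB>webroot" for every entry under [[webroot_map]] in file $1.
webroot_map_entries() {
    awk '
        /^[ \t]*\[/ { in_map = ($0 ~ /^[ \t]*\[\[webroot_map\]\][ \t]*$/); next }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        in_map && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print key "\t" val
        }' "$1"
}

# usage: check_webroot_map <renewal.conf> <domain>...
# One status line per domain; returns 1 if any domain is MISSING or NODIR.
check_webroot_map() {
    conf=$1; shift; rc=0
    entries=$(webroot_map_entries "$conf")
    for domain in "$@"; do
        path=$(printf '%s\n' "$entries" |
               awk -F '\t' -v d="$domain" '$1 == d { print $2; exit }')
        if [ -z "$path" ]; then
            echo "MISSING $domain"; rc=1            # no webroot mapped for this name
        elif [ ! -d "$path" ]; then
            echo "NODIR $domain $path"; rc=1        # mapped directory does not exist
        else
            echo "OK $domain $path"
        fi
    done
    return "$rc"
}

# Constructed sample renewal file under directory $1 (hypothetical paths).
make_sample() {
    mkdir -p "$1/www/site"
    cat > "$1/example.com.conf" <<EOF
[renewalparams]
authenticator = webroot
[[webroot_map]]
example.com = $1/www/site
www.example.com = $1/www/gone
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_webroot_map "$tmp/example.com.conf" example.com www.example.com \
    mail.example.com || echo "fix the names flagged above before renewing"
rm -rf "$tmp"
```

On a real host, pass the file from @/etc/letsencrypt/renewal@ and the names the certificate is supposed to cover.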