Difference between revisions of "Letsencrypt"

From SME Server
Jump to navigationJump to search
Line 7: Line 7:
 
Let’s Encrypt is a new Certificate Authority:  
 
Let’s Encrypt is a new Certificate Authority:  
 
It’s free, automated, and open.
 
It’s free, automated, and open.
 +
It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
 +
 +
The certs delivred must be renew every 3 months.
  
 
== Installation ==
 
== Installation ==
Line 40: Line 43:
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
  
 +
== Renew of the certs ==
 +
 +
A simple bash to renew cert :
 +
 +
<pre>
 +
#!/bin/bash
 +
source /opt/rh/python27/enable
 +
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
 +
service httpd-e-smith stop
 +
cd /src/letsencrypt
 +
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default
 +
service httpd-e-smith start
 +
</pre>
 
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]

Revision as of 17:36, 6 December 2015


Important.png Note:
To install or use a different version on SME Server 9.x, please see http://wiki.contribs.org/Software_Collections


PythonIcon.png Skill level: Advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.


Warning.png Warning:
This procedure change the default certificates and could significantly compromise your server's security.
Thorough understanding of linux system management is required.

Proceed at your own risk


Introduction

Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. It's main purpose is to allow people to encrypt the internet traffic by a very simple system.

The certs delivred must be renew every 3 months.

Installation

followed instructions at http://wiki.contribs.org/Software_Collections and the python related wiki page specifically.

add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27

Then : yum install python27 --enablerepo=scl-python27

at this time : scl enable python27 bash

To use Let's Encrypt run: 

mkdir src
cd src
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
service httpd-e-smith stop
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk

Replacing email and domains as required. Then configure SME with the certificates generated: 

config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
signal-event post-upgrade; signal-event reboot

Source from info

Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680

Renew of the certs

A simple bash to renew cert : 

#!/bin/bash
source /opt/rh/python27/enable
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
service httpd-e-smith stop
cd /src/letsencrypt
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default
service httpd-e-smith start
Retrieved from "https://wiki.koozali.org/index.php?title=Letsencrypt&oldid=29782"