147
edits
Changes
Jump to navigation
Jump to search
Line 9:
Line 9: − + Line 17:
Line 17: − + − + − at this time : scl enable python27 bash+ − <pre>+ − + − + − + − + − + − + − </pre> − <pre>+ − + − + − + − − </pre> − + + + + + + + + + + + + + + − <pre> − #!/bin/bash − source /opt/rh/python27/enable − export X_SCLS="`scl enable python27 'echo $X_SCLS'`" − service httpd-e-smith stop − cd /src/letsencrypt − ./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default − service httpd-e-smith start − </pre> − ----
Corrected a couple of paths, formatted text, added backup section
It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
The certs delivred must be renew every 3 months.
The certs delivered must be renewed every 3 months.
== Installation ==
== Installation ==
add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27
add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27
Then : yum install python27 --enablerepo=scl-python27
Then:
yum install python27 --enablerepo=scl-python27
yum install git
To use Let's Encrypt run:
To use Let's Encrypt run:
scl enable python27 bash
mkdir src
mkdir /src
cd src
cd /src
git clone https://github.com/letsencrypt/letsencrypt.git
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
cd letsencrypt
service httpd-e-smith stop
service httpd-e-smith stop
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk
Replacing email and domains as required. Then configure SME with the certificates generated:
Replacing email and domains as required. Then configure SME with the certificates generated:
config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
signal-event post-upgrade; signal-event reboot
signal-event post-upgrade; signal-event reboot
== Renew of the certs ==
== Renew of the certs ==
A simple bash to renew cert :
A simple script to renew cert :
#!/bin/bash
source /opt/rh/python27/enable
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
service httpd-e-smith stop
cd /src/letsencrypt
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default
service httpd-e-smith start
You may want to set this up as a cron job to run every two months, to make sure your certificate doesn't expire.
== Backup ==
Your certificate, private key, and other important information are stored in /etc/letsencrypt, which is not included in the standard SME Server backup routines. Make sure to add this directory to your backups.
==Source from info==
==Source from info==
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
[[Category:Howto]] [[Category:Security]]
[[Category:Howto]] [[Category:Security]]