Changes

Jump to navigation Jump to search

Letsencrypt (view source)

Revision as of 04:22, 31 May 2016

1,816 bytes added ,  04:22, 31 May 2016
no edit summary
Line 294: Line 294:  
The certificate files will be in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your internal server.
 
The certificate files will be in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your internal server.
    +
==Install with John Crisp contrib==
 +
sources: https://github.com/reetp/smeserver-letsencrypt
 +
 +
first add his repo
 +
{{:reetspetit}}
 +
then install
 +
yum install smeserver-letsencrypt --enablerepo=reetp
 +
 +
then expand httpd template
 +
expand-template /etc/httpd/conf/httpd.conf
 +
service httpd-e-smith restart
 +
set email
 +
  config setprop letsencypt email my@email.com
 +
 +
 +
Then run
 +
 +
signal-event console-save
 +
 +
Create test certificates (file is in the path so should be OK)
 +
 +
letsencrypt.sh -c
 +
 +
Once you are satisfied with your test
 +
 +
config setprop letsencrypt status enabled
 +
 +
signal-event console-save
 +
 +
and
 +
 +
mv /etc/letsencrypt.sh/private_key.pem /etc/letsencrypt.sh/private_key.test
 +
letsencrypt.sh -c -x
 +
 +
Note thereafter you ONLY need to run
 +
 +
letsencrypt.sh -c
 +
 +
 +
=== what is next ?===
 +
If you make any db key changes run console-save to regenerate your config files
 +
 +
You can now set any public ibays to SSL only using the server manager, or set the following key:
 +
 +
db accounts setprop {accountname} SSL enabled
 +
 +
You cannot set the Primary ibay to SSL from the panel:
 +
 +
db accounts setprop Primary SSL enabled
 +
 +
signal-event console-save
 +
 +
or
 +
 +
signal-event ibay-modify Primary
 +
 +
=== other info ===
 +
Optional keys - (not required)
 +
 +
config setprop letsencypt email (defaults to empty)
 +
config setprop letsencypt keysize (defaults to 4096)
 +
 +
You can enable just a domain or just a host on a domain
 +
 +
Per domain db domains setprop mydomain.com letsencryptSSLcert enabled
 +
 +
Per host db hosts setprop www.mydomain.com letsencryptSSLcert enabled
 +
 +
If you want a hook script to push changes remotely (not required)
 +
 +
db configuration setprop letsencrypt hookScript enabled
 +
db configuration setprop letsencrypt user someuser
 +
db configuration setprop letsencrypt host 1.2.3.4 db configuration setprop letsencrypt path //some/remote/local/path
 
==Source from info==
 
==Source from info==
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
 
[[Category:Howto]] [[Category:Security]] [[Category:Howto]]
 
[[Category:Howto]] [[Category:Security]] [[Category:Howto]]
 
[[Category: Administration:Certificates]]
 
[[Category: Administration:Certificates]]
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,254

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/31373"

Navigation menu