[kwlug-disc] Let's Encrypt standalone mode
Jeff Smith
crankyoldbugger at gmail.com
Tue Feb 7 08:31:35 EST 2017
A day late and a dollar short, I had an article in my news feed this
morning on using Let's Encrypt on Apache:
https://www.unixmen.com/encrypt-apache-webserver-centos-7/
On 2017-02-06 09:10 PM, Khalid Baheyeldin wrote:
> Thanks Jeff Voskamp for an great presentation on Let's Encrypt, and
> thanks for pointing out a few months ago that Let's Encrypt is indeed
> working ...
>
> Here is how I got standalone to work:
>
> 1. One Time: Get certificates
>
> # Download the certbot client
> wget https://dl.eff.org/certbot-auto
>
> # Make it executable
> chmod +x certbot-auto
>
> # Move it somewhere
> mv certbot-auto ~/bin
>
> # Create certificates
> ~/bin/certbot-auto certonly --standalone -d example.com -d www.example.com
> ~/bin/certbot-auto certonly --standalone -d example1.com -d www.example1.com
>
> You now have the certificates under /etc/letsencrypt/live/domain, and
> you install them yourself on whatever web server you are using, be
> that Apache, Nginx, or Pound.
>
> 2. Renewal:
> For renewal I have a crontab script that runs weekly. It is basically this:
>
> /usr/sbin/service apache2 stop
>
> ~/bin/certbot-auto renew --standalone > ~/certbot-renew.txt 2>&1
>
> /usr/sbin/service apache2 start
>
> It will find out what domains have SSL certificates (under
> /etc/letsencrypt), and attempt to renew all of them. Works well.
>
More information about the kwlug-disc
mailing list