Differences between revisions 14 and 15
Revision 14 as of 2017-03-05 08:12:25
Size: 1196
Editor: ?NathanWiebeNeufeldt
Comment: typo
Revision 15 as of 2018-06-22 18:27:17
Size: 2555
Editor: levlaz
Comment: Add some notes about using cerbot in Stretch
Deletions are marked like this. Additions are marked like this.
Line 28: Line 28:
== Stretch Howto ==
You can install [[DebPkg:certbot]] from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.

 * [[DebPkg:python-certbot-apache]] - Apache plugin for Certbot
 * [[DebPkg:python-certbot-nginx]] - Nginx plugin for Certbot

The default version of certbot that is available in the repository will result in the following error message if you try to run `certbot --apache`:

{{{
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
}}}

As discussed in the [[https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983|LetsEncrypt Forums]] this is due to a security issue that existed in the old client.

In order to make a certificate for apache you can use the following command:

{{{
sudo certbot --authenticator standalone --installer apache \
  -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start"
}}}

In order to make a certificate for nginx you can use the following command:

{{{
sudo certbot --authenticator standalone --installer nginx \
  -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"
}}}

Translation(s): English - Français - Русский


Let’s Encrypt

Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.

Let’s Encrypt clients

Jessie Howto

== Stretch Howto == You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.

The default version of certbot that is available in the repository will result in the following error message if you try to run certbot --apache:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

As discussed in the LetsEncrypt Forums this is due to a security issue that existed in the old client.

In order to make a certificate for apache you can use the following command:

sudo certbot --authenticator standalone --installer apache \
  -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start"

In order to make a certificate for nginx you can use the following command:

sudo certbot --authenticator standalone --installer nginx \
  -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"