Differences between revisions 15 and 16
Revision 15 as of 2018-06-22 18:27:17
Size: 2555
Editor: levlaz
Comment: Add some notes about using cerbot in Stretch
Revision 16 as of 2018-06-22 18:28:19
Size: 2554
Editor: levlaz
Comment:
Deletions are marked like this. Additions are marked like this.
Line 28: Line 28:
== Stretch Howto ==  == Stretch Howto ==

Translation(s): English - Français - Русский


Let’s Encrypt

Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.

Let’s Encrypt clients

Jessie Howto

Stretch Howto

You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.

The default version of certbot that is available in the repository will result in the following error message if you try to run certbot --apache:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

As discussed in the LetsEncrypt Forums this is due to a security issue that existed in the old client.

In order to make a certificate for apache you can use the following command:

sudo certbot --authenticator standalone --installer apache \
  -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start"

In order to make a certificate for nginx you can use the following command:

sudo certbot --authenticator standalone --installer nginx \
  -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"