2803
Comment: add upstream specific information
|
2108
fixed in #887399 and included in security and point release of stretch
|
Deletions are marked like this. | Additions are marked like this. |
Line 34: | Line 34: |
The default version of certbot that is available in the repository will result in the following error message if you try to run `certbot --apache`: {{{ Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. }}} As discussed in the [[https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983|LetsEncrypt Forums]] this is due to a security issue that existed in the old client. |
|
Line 45: | Line 37: |
sudo certbot --authenticator standalone --installer apache \ -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start" |
sudo certbot --apache -d <domain> --post-hook "/usr/sbin/service apache2 restart" |
Line 52: | Line 43: |
sudo certbot --authenticator standalone --installer nginx \ -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start" |
sudo certbot --nginx -d <domain> --post-hook "/usr/sbin/service nginx restart" |
Translation(s): English - Français - Русский
Let’s Encrypt
Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.
Let’s Encrypt clients
letsencrypt.sh - Renamed to dehydrated
Jessie Howto
Enable backports: https://backports.debian.org/Instructions/
Install certbot: https://certbot.eff.org/#debianjessie-apache
- apt-get install python-certbot-apache -t jessie-backports
- certbot --apache
- Optionally: follow certbot instructions and enable quiet cron job or follow up
Optionally enable Perfect Forward Secrecy: https://www.sslplus.de/wiki/Wie_konfiguriert_man_Apache_2.x_f%C3%BCr_Perfect_Forward_Secrecy
- edit "/etc/apache2/mods-available/ssl.conf" and uncomment "SSLHonorCipherOrder on"
Stretch Howto
You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.
python-certbot-apache - Apache plugin for Certbot
python-certbot-nginx - Nginx plugin for Certbot
In order to make a certificate for apache you can use the following command:
sudo certbot --apache -d <domain> --post-hook "/usr/sbin/service apache2 restart"
In order to make a certificate for nginx you can use the following command:
sudo certbot --nginx -d <domain> --post-hook "/usr/sbin/service nginx restart"
upstream specific information
* Homepage