1064
Comment:
|
2803
add upstream specific information
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[fr/LetsEncrypt|Français]] -~ | ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[fr/LetsEncrypt|Français]] - [[ru/LetsEncrypt|Русский]] -~ |
Line 14: | Line 14: |
* [[DebPkg:letsencrypt.sh]] | * [[DebPkg:lacme]] * [[DebPkg:lecm]] * [[DebPkg:lego]] * [[DebPkg:letsencrypt.sh]] - Renamed to [[DebPkg:dehydrated]] |
Line 21: | Line 24: |
* Optionnaly: follow certbot instructions and enable quiet cron job or follow up | * Optionally: follow certbot instructions and enable quiet cron job or follow up |
Line 25: | Line 28: |
== Stretch Howto == You can install [[DebPkg:certbot]] from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier. * [[DebPkg:python-certbot-apache]] - Apache plugin for Certbot * [[DebPkg:python-certbot-nginx]] - Nginx plugin for Certbot The default version of certbot that is available in the repository will result in the following error message if you try to run `certbot --apache`: {{{ Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. }}} As discussed in the [[https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983|LetsEncrypt Forums]] this is due to a security issue that existed in the old client. In order to make a certificate for apache you can use the following command: {{{ sudo certbot --authenticator standalone --installer apache \ -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start" }}} In order to make a certificate for nginx you can use the following command: {{{ sudo certbot --authenticator standalone --installer nginx \ -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start" }}} == upstream specific information == * [[https://letsencrypt.org|Homepage]] * [[https://letsencrypt.org/docs|Documentation]] * [[https://community.letsencrypt.org|Community support]] -------------- CategoryNetwork CategorySoftware |
Translation(s): English - Français - Русский
Let’s Encrypt
Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.
Let’s Encrypt clients
letsencrypt.sh - Renamed to dehydrated
Jessie Howto
Enable backports: https://backports.debian.org/Instructions/
Install certbot: https://certbot.eff.org/#debianjessie-apache
- apt-get install python-certbot-apache -t jessie-backports
- certbot --apache
- Optionally: follow certbot instructions and enable quiet cron job or follow up
Optionally enable Perfect Forward Secrecy: https://www.sslplus.de/wiki/Wie_konfiguriert_man_Apache_2.x_f%C3%BCr_Perfect_Forward_Secrecy
- edit "/etc/apache2/mods-available/ssl.conf" and uncomment "SSLHonorCipherOrder on"
Stretch Howto
You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.
python-certbot-apache - Apache plugin for Certbot
python-certbot-nginx - Nginx plugin for Certbot
The default version of certbot that is available in the repository will result in the following error message if you try to run certbot --apache:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
As discussed in the LetsEncrypt Forums this is due to a security issue that existed in the old client.
In order to make a certificate for apache you can use the following command:
sudo certbot --authenticator standalone --installer apache \ -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start"
In order to make a certificate for nginx you can use the following command:
sudo certbot --authenticator standalone --installer nginx \ -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"
upstream specific information
* Homepage