Translation(s): English - Français - Русский
Let’s Encrypt
Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.
Let’s Encrypt clients
apache2 - mod_md (ACMEv2 support merged in Apache 2.4.40)
letsencrypt.sh - Renamed to dehydrated
Jessie (Debian 8.x) Howto
Note: Jessie has reached end of LTS support as of June 30th, 2020. If at all possible, upgrade to a newer Debian release.
Enable backports: https://backports.debian.org/Instructions/
Install certbot: https://certbot.eff.org/#debianjessie-apache
- apt-get install python-certbot-apache -t jessie-backports
- certbot --apache
- Optionally: follow certbot instructions and enable quiet cron job or follow up
Optionally enable Perfect Forward Secrecy: https://www.sslplus.de/wiki/Wie_konfiguriert_man_Apache_2.x_f%C3%BCr_Perfect_Forward_Secrecy
- edit "/etc/apache2/mods-available/ssl.conf" and uncomment "SSLHonorCipherOrder on"
Stretch (Debian 9.x) / Buster (Debian 10.x) / Testing / Unstable Howto
You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.
python3-certbot-apache - Apache plugin for Certbot
python3-certbot-nginx - Nginx plugin for Certbot
In order to make a certificate for apache you can use the following command:
sudo certbot --apache -d <domain> --post-hook "/usr/sbin/service apache2 restart"
In order to make a certificate for nginx you can use the following command:
sudo certbot --nginx -d <domain> --post-hook "/usr/sbin/service nginx restart"
upstream specific information
* Homepage