LetsEncrypt: Difference between revisions
m (Ekaanbj moved page Startssl to LetsEncrypt: Startssl is retired) |
No edit summary |
||
Line 1: | Line 1: | ||
Lets encrypt for Fedora. https://fedoramagazine.org/letsencrypt-now-available-fedora/ | |||
== | =Had to remove manually installed python modules= | ||
SSLCertificateFile /etc/ | \rm -r /usr/lib/python2.7/site-packages/requests/packages/* | ||
SSLCertificateKeyFile /etc/ | |||
SSLCertificateChainFile /etc/ | =Install letsencrypt= | ||
sudo dnf -y install letsencrypt | |||
=manually create certs. Verify that all goes well= | |||
letsencrypt --text --email anden@halfface.se \ | |||
--domains www.halfface.se,halfface.se,ldap.halfface.se \ | |||
--agree-tos --renew-by-default --manual certonly | |||
=Automated updates. Web root verification= | |||
letsencrypt --text --renew-by-default --email anden@halfface.se \ | |||
--domains www.halfface.se,halfface.se,ldap.halfface.se \ | |||
--agree-tos --webroot --webroot-path /var/www/html/www-halfface certonly | |||
=Fix selinux.= | |||
semanage fcontext -a -t cert_t '/etc/letsencrypt/(archive|live)(/.*)?' | |||
restorecon -Rv /etc/letsencrypt | |||
=Link to certs in proper location.= | |||
ln -s /etc/letsencrypt/live/www.halfface.se/cert.pem /etc/pki/tls/certs/www.halfface.se.crt | |||
ln -s /etc/letsencrypt/live/www.halfface.se/chain.pem /etc/pki/tls/certs/www.halfface.se.chain.crt | |||
ln -s /etc/letsencrypt/live/www.halfface.se/privkey.pem /etc/pki/tls/private/www.halfface.se.key | |||
=Add correct paths to certs in http config.= | |||
SSLCertificateFile /etc/pki/tls/certs/www.halfface.se.crt | |||
SSLCertificateKeyFile /etc/pki/tls/private/www.halfface.se.key | |||
SSLCertificateChainFile /etc/pki/tls/certs/www.halfface.se.chain.crt | |||
=Remove old certs.= | |||
rm -r /etc/httpd/ssl/ | |||
=restart to take effect.= | |||
systemctl restart httpd |
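Review bot: the added "Automated updates. Web root verification" section contains only a one-off letsencrypt run; nothing in this revision schedules it (cron or a systemd timer) or reloads httpd after a renewal, so the heading promises more than the steps deliver and the certificates will still expire unless someone reruns the command. Separately, "Remove old certs." runs rm -r /etc/httpd/ssl/ before "restart to take effect."; swapping those two steps, so httpd is confirmed to start on the new /etc/pki/tls paths first, keeps a way back if a symlink or the SELinux context is wrong.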
Latest revision as of 23:10, 6 January 2017
Let's Encrypt for Fedora. https://fedoramagazine.org/letsencrypt-now-available-fedora/
Had to remove manually installed python modules
\rm -r /usr/lib/python2.7/site-packages/requests/packages/*
Install letsencrypt
sudo dnf -y install letsencrypt
Manually create certs. Verify that all goes well
letsencrypt --text --email anden@halfface.se \
  --domains www.halfface.se,halfface.se,ldap.halfface.se \
  --agree-tos --renew-by-default --manual certonly
Automated updates. Web root verification
letsencrypt --text --renew-by-default --email anden@halfface.se \
  --domains www.halfface.se,halfface.se,ldap.halfface.se \
  --agree-tos --webroot --webroot-path /var/www/html/www-halfface certonly
Fix SELinux.
semanage fcontext -a -t cert_t '/etc/letsencrypt/(archive|live)(/.*)?'
restorecon -Rv /etc/letsencrypt
Link to certs in proper location.
ln -s /etc/letsencrypt/live/www.halfface.se/cert.pem /etc/pki/tls/certs/www.halfface.se.crt
ln -s /etc/letsencrypt/live/www.halfface.se/chain.pem /etc/pki/tls/certs/www.halfface.se.chain.crt
ln -s /etc/letsencrypt/live/www.halfface.se/privkey.pem /etc/pki/tls/private/www.halfface.se.key
Add correct paths to certs in http config.
SSLCertificateFile /etc/pki/tls/certs/www.halfface.se.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.halfface.se.key
SSLCertificateChainFile /etc/pki/tls/certs/www.halfface.se.chain.crt
Remove old certs.
rm -r /etc/httpd/ssl/
Restart to take effect.
systemctl restart httpd
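A pre-flight check for the three symlinks created above, to run before removing the old certs and restarting httpd. This is an added example, not part of the original page: the function names, the ROOT prefix argument and the rule that the key must have no group/other permission bits are assumptions of this example.

```shell
#!/bin/sh
# ROOT is a hypothetical prefix so the check can be tried on a scratch tree;
# pass "" to check the real paths used on the page.

# The link must be a symlink that resolves to a non-empty regular file.
check_link() {
    if [ ! -L "$1" ]; then echo "not a symlink: $1" >&2; return 1; fi
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then echo "dangling or empty: $1" >&2; return 1; fi
}

# Policy assumed here: the file the key link resolves to carries no
# group/other permission bits (columns 5-10 of the ls mode string).
key_is_private() {
    perms=$(ls -lL "$1" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then echo "key not private: $1" >&2; return 1; fi
}

# preflight ROOT NAME: returns 0 only if every link from the page is usable.
preflight() {
    pf_root=$1; pf_name=$2; pf_rc=0
    check_link "$pf_root/etc/pki/tls/certs/$pf_name.crt" || pf_rc=1
    check_link "$pf_root/etc/pki/tls/certs/$pf_name.chain.crt" || pf_rc=1
    check_link "$pf_root/etc/pki/tls/private/$pf_name.key" || pf_rc=1
    key_is_private "$pf_root/etc/pki/tls/private/$pf_name.key" || pf_rc=1
    return "$pf_rc"
}

# Constructed scratch tree mirroring the page's paths (placeholder contents,
# plain files under live/ instead of real certificates).
make_scratch() {
    s=$(mktemp -d) || return 1
    live=$s/etc/letsencrypt/live/$1
    mkdir -p "$live" "$s/etc/pki/tls/certs" "$s/etc/pki/tls/private"
    for f in cert chain privkey; do echo "placeholder $f" > "$live/$f.pem"; done
    chmod 600 "$live/privkey.pem"
    ln -s "$live/cert.pem" "$s/etc/pki/tls/certs/$1.crt"
    ln -s "$live/chain.pem" "$s/etc/pki/tls/certs/$1.chain.crt"
    ln -s "$live/privkey.pem" "$s/etc/pki/tls/private/$1.key"
    echo "$s"
}

# On the real host:  preflight "" www.halfface.se && rm -r /etc/httpd/ssl/
```

The check only proves the files exist and the key is not group/world accessible; it does not validate the certificate contents or the SELinux context.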