LetsEncrypt (Ubuntu 18.04): Difference between revisions
== Installation ==
=== Raspbian ===
{{note|Deprecated: The procedure is now the same as described under Ubuntu.}}
<pre>
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
</pre>
The following command adds a cron job to the system-wide cron jobs:
<pre>
# Runs at 00:00 and 12:00; the Python one-liner sleeps for a random time of up to one hour before renewing
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
</pre>
List the system-wide cron jobs:
<pre>
less /etc/crontab
</pre>
==== Creating certificates ====
{{note|The DNS names must exist and point to the server on which the script is run.}}
<pre>
sudo /usr/local/bin/certbot-auto certonly --apache -d example.com -d www.example.com
</pre>
=== Ubuntu ===
<pre>
sudo apt-get install certbot python-certbot-apache
</pre>
==== Creating certificates ====
{{note|The DNS names must exist and point to the server on which the script is run.}}
<pre>
sudo certbot certonly --apache -d example.com -d www.example.com
</pre>
== Adding a certificate ==
<pre>
sudo certbot --expand -d existing.com,example.com,newdomain.com
</pre>
=== Links ===
[https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options]
== Wildcard certificates ==
[[LetsEncrypt Wildcards (Ubuntu 18.04)|LetsEncrypt Wildcards]]
== Migrating existing certificates ==
=== Backup ===
<pre>
sudo ls -l /etc/letsencrypt/live/tutorials-rasp.kirner.or.at
</pre>
<pre>
insgesamt 0
lrwxrwxrwx 1 root root 52 Jän 11 10:31 cert.pem -> ../../archive/tutorials-rasp.kirner.or.at/cert20.pem
lrwxrwxrwx 1 root root 53 Jän 11 10:31 chain.pem -> ../../archive/tutorials-rasp.kirner.or.at/chain20.pem
lrwxrwxrwx 1 root root 57 Jän 11 10:31 fullchain.pem -> ../../archive/tutorials-rasp.kirner.or.at/fullchain20.pem
lrwxrwxrwx 1 root root 55 Jän 11 10:31 privkey.pem -> ../../archive/tutorials-rasp.kirner.or.at/privkey20.pem
</pre>
<pre>
sudo ls -l /etc/letsencrypt/renewal
</pre>
<pre>
insgesamt 4
-rw-r--r-- 1 root root 594 Jän 11 10:31 tutorials-rasp.kirner.or.at.conf
</pre>
<pre>
sudo su
cd /etc/letsencrypt
# archive/ contains the private keys, so the resulting .tgz must stay readable by root only
sudo tar -cvzf 2020_03_12__LetsEncryptFullBackupRaspberry2.tgz accounts/ archive/ renewal/
# exit is a shell builtin, so it is called without sudo
exit
</pre>
=== Restore ===
<pre>
cd /
sudo tar -xvf ~/temp/certs_raspberry2.tar.gz
sudo mkdir -p /etc/letsencrypt/live/tutorials-rasp.kirner.or.at
</pre>
<pre>
sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/cert20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/cert.pem
sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/chain20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/chain.pem
sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/fullchain20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/fullchain.pem
sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/privkey20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/privkey.pem
</pre>
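The restore commands hard-code version 20. As an added example (not part of the original page), the following shell functions pick the highest-numbered version found in <code>archive/</code> and recreate the <code>live/</code> links as relative links, matching the <code>ls -l</code> output in the Backup section. The function names <code>latest_version</code> and <code>relink_lineage</code> are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.

# latest_version DIR: print the highest N for which DIR/certN.pem exists.
latest_version() {
    ls "$1" 2>/dev/null \
        | sed -n 's/^cert\([0-9][0-9]*\)\.pem$/\1/p' \
        | sort -n | tail -n 1      # numeric sort, so 20 ranks above 9
}

# relink_lineage ROOT NAME: recreate ROOT/live/NAME/*.pem as relative links
# to version N of ROOT/archive/NAME and print N. ROOT is normally /etc/letsencrypt.
relink_lineage() {
    root=$1
    name=$2
    archive="$root/archive/$name"
    live="$root/live/$name"
    n=$(latest_version "$archive")
    [ -n "$n" ] || { echo "no certN.pem found in $archive" >&2; return 1; }
    # Refuse to link an incomplete version: all four files must exist.
    for kind in cert chain fullchain privkey; do
        [ -f "$archive/$kind$n.pem" ] || { echo "missing $archive/$kind$n.pem" >&2; return 1; }
    done
    mkdir -p "$live"
    for kind in cert chain fullchain privkey; do
        # -f replaces an existing link, -n avoids descending into a link target
        ln -sfn "../../archive/$name/$kind$n.pem" "$live/$kind.pem"
    done
    echo "$n"
}
```

Run as root after extracting the archive, for example <code>relink_lineage /etc/letsencrypt tutorials-rasp.kirner.or.at</code>.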
=== Links ===
[https://ivanderevianko.com/2019/03/migrate-letsencrypt-certificates-certbot-to-new-server https://ivanderevianko.com/2019/03/migrate-letsencrypt-certificates-certbot-to-new-server]
== Merging existing certificates ==
=== Links ===
[https://community.letsencrypt.org/t/moving-and-merging-certs-from-server-a-to-b/19015/3 https://community.letsencrypt.org/t/moving-and-merging-certs-from-server-a-to-b/19015/3]
== Hooks ==
Sequence:
# pre-hook
# Authorization
# post-hook
# deploy-hook, if there is a new certificate
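Because the deploy-hook is the only step tied to a new certificate, it is the natural place to reload the web server. The following deploy hook is an added example, not part of the original page; it could be placed in <code>/etc/letsencrypt/renewal-hooks/deploy/</code>. <code>RENEWED_LINEAGE</code> is set by certbot, while the function names and the <code>RELOAD_CMD</code> override are assumptions of this example.

```shell
#!/bin/sh
# Added example: deploy hook for Apache. certbot exports RENEWED_LINEAGE
# (the live/ directory of the renewed certificate) to deploy hooks.
# RELOAD_CMD is a hypothetical override for testing, not a certbot variable.

# lineage_ok DIR: succeed only if all four files resolve to non-empty files
# and the private key carries no group/other permission bits.
lineage_ok() {
    dir=$1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        # -s follows symlinks, so dangling links and empty files fail here
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    mode=$(stat -L -c '%a' "$dir/privkey.pem") || return 1
    case $mode in
        0|*00) return 0 ;;
        *) echo "privkey.pem has mode $mode" >&2; return 1 ;;
    esac
}

run_hook() {
    [ -n "${RENEWED_LINEAGE:-}" ] || { echo "RENEWED_LINEAGE is not set" >&2; return 2; }
    lineage_ok "$RENEWED_LINEAGE" || return 1
    # Reload only after the checks pass; otherwise Apache keeps serving
    # the certificate it already has loaded.
    ${RELOAD_CMD:-systemctl reload apache2}
}

# When certbot invokes the script, RENEWED_LINEAGE is set and the hook runs.
if [ -n "${RENEWED_LINEAGE:-}" ]; then run_hook; fi
```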
=== Links ===
[https://certbot.eff.org/docs/using.html?highlight=hook#renewing-certificates https://certbot.eff.org/docs/using.html?highlight=hook#renewing-certificates]
[https://community.letsencrypt.org/t/certbot-hook-directories/42505 https://community.letsencrypt.org/t/certbot-hook-directories/42505]
[https://advancedweb.hu/lets-encrypt-hooks-use-cases/ https://advancedweb.hu/lets-encrypt-hooks-use-cases/]
== Disabling services ==
{{note|Still in progress}}
<pre>
sudo systemctl status certbot.service
sudo systemctl status certbot.timer
</pre>
== Problems ==
=== We were not be able to guess the right solution from your pip output. ===
When running the command
<pre>
sudo /usr/local/bin/certbot-auto renew -q
</pre>
Deleting the file
<pre>
sudo rm /etc/pip.conf
</pre>
and running <code>certbot-auto</code> again solved the problem.
== Links ==
[https://certbot.eff.org/instructions https://certbot.eff.org/instructions]
Back to [[LetsEncrypt (Linux)|LetsEncrypt]]
Current revision as of 14 May 2023, 18:53