LetsEncrypt (Ubuntu 18.04): Unterschied zwischen den Versionen
(→Hooks) |
(→Hooks) |
||
| Zeile 119: | Zeile 119: | ||
== Hooks == | == Hooks == | ||
Ablauf: | |||
# pre-hook | |||
# Authorization | |||
# post-hook | # post-hook | ||
# deploy-hook, if there is a new certificate | # deploy-hook, if there is a new certificate | ||
| Zeile 129: | Zeile 131: | ||
[https://community.letsencrypt.org/t/certbot-hook-directories/42505 https://community.letsencrypt.org/t/certbot-hook-directories/42505] | [https://community.letsencrypt.org/t/certbot-hook-directories/42505 https://community.letsencrypt.org/t/certbot-hook-directories/42505] | ||
[https://advancedweb.hu/lets-encrypt-hooks-use-cases/ https://advancedweb.hu/lets-encrypt-hooks-use-cases/] | |||
== Probleme == | == Probleme == | ||
Version vom 6. Mai 2023, 14:27 Uhr
Installation
Raspbian
Deprecated: Mittlerweile selbe Prozedur wie unter Ubuntu beschrieben.
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Folgender Befehl fügt einen Cron-Job zu den systemweiten Cronjobs hinzu:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
Systemweiten Cronjobs auflisten:
less /etc/crontab
Zertifikate erstellen
Die DNS-Namen müssen existieren und auf den Server zeigen, auf dem das Skript ausgeführt wird.
sudo /usr/local/bin/certbot-auto certonly --apache -d example.com -d www.example.com
Ubuntu
sudo apt-get install certbot python-certbot-apache
Zertifikate erstellen
Die DNS-Namen müssen existieren und auf den Server zeigen, auf dem das Skript ausgeführt wird.
sudo certbot certonly --apache -d example.com -d www.example.com
Zertifikat hinzufügen
sudo certbot --expand -d existing.com,example.com,newdomain.com
Links
https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options
Wildcard Zertifikate
Migration bestehender Zertifikate
Backup
sudo ls -l /etc/letsencrypt/live/tutorials-rasp.kirner.or.at
insgesamt 0 lrwxrwxrwx 1 root root 52 Jän 11 10:31 cert.pem -> ../../archive/tutorials-rasp.kirner.or.at/cert20.pem lrwxrwxrwx 1 root root 53 Jän 11 10:31 chain.pem -> ../../archive/tutorials-rasp.kirner.or.at/chain20.pem lrwxrwxrwx 1 root root 57 Jän 11 10:31 fullchain.pem -> ../../archive/tutorials-rasp.kirner.or.at/fullchain20.pem lrwxrwxrwx 1 root root 55 Jän 11 10:31 privkey.pem -> ../../archive/tutorials-rasp.kirner.or.at/privkey20.pem
sudo ls -l /etc/letsencrypt/renewal
insgesamt 4 -rw-r--r-- 1 root root 594 Jän 11 10:31 tutorials-rasp.kirner.or.at.conf
sudo su cd /etc/letsencrypt sudo tar -cvzf 2020_03_12__LetsEncryptFullBackupRaspberry2.tgz accounts/ archive/ renewal/ sudo exit
Restore
cd / sudo tar -xvf ~/temp/certs_raspberry2.tar.gz sudo mkdir -p /etc/letsencrypt/live/tutorials-rasp.kirner.or.at
sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/cert20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/cert.pem sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/chain20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/chain.pem sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/fullchain20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/fullchain.pem sudo ln -s /etc/letsencrypt/archive/tutorials-rasp.kirner.or.at/privkey20.pem /etc/letsencrypt/live/tutorials-rasp.kirner.or.at/privkey.pem
Links
https://ivanderevianko.com/2019/03/migrate-letsencrypt-certificates-certbot-to-new-server
Mergen bestehender Zertifikate
Links
https://community.letsencrypt.org/t/moving-and-merging-certs-from-server-a-to-b/19015/3
Hooks
Ablauf:
- pre-hook
- Authorization
- post-hook
- deploy-hook, if there is a new certificate
Links
https://certbot.eff.org/docs/using.html?highlight=hook#renewing-certificates
https://community.letsencrypt.org/t/certbot-hook-directories/42505
https://advancedweb.hu/lets-encrypt-hooks-use-cases/
Probleme
We were not be able to guess the right solution from your pip output.
Beim Ausführen des Befehls
sudo /usr/local/bin/certbot-auto renew -q
Löschen der Datei
sudo rm /etc/pip.conf
und nochmaliges Ausführen von certbot-auto hat das Problem gelöst.
Links
https://certbot.eff.org/instructions
Zurück zu LetsEncrypt