
More than 5 years have passed since last update.

Let’s Encrypt with Certbot

Posted at 2016-10-08

I tried Let’s Encrypt for free HTTPS certificates. It seems good and quite convenient.

Following the instructions on the official site, we use Certbot to deploy it.

As an example, for Apache on Debian 7:

Install

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

Config

./certbot-auto --apache

It provides a UI.

Automating Renewal

First, try this:

./certbot-auto renew --dry-run 

If there are no errors, set this up as a cron job that runs twice a day:

./certbot-auto renew --quiet --no-self-upgrade

For Nginx Server

If you run it with Nginx, you might need to reload or restart Nginx for the renewed certificate to take effect.

PS on renew

If you have set up a rewrite rule for automatic HTTP-to-HTTPS redirection, you will run into trouble at renewal time if the CertAgent cannot get a correct response from the target domain. For example, you removed the certificate files or SSL configuration from your server, kept using an out-of-date certificate, lost the DNS record, etc. The failure comes with IMPORTANT NOTES like the following.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: meinblog.ga
   Type:   unknownHost
   Detail: No valid IP addresses found for meinblog.ga

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: sinri.cc
   Type:   unauthorized
   Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
   Requested ******HIDDEN******

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

It is easy to fix once you know the reason: just keep the target domain alive. The suggestion is to turn off the redirection to SSL and leave HTTP only.
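Because the cron job runs with --quiet, a failure like the one above is easy to miss. The following wrapper is an added example, not part of the original post or of Certbot: it runs a renew command and, on failure, prints one line per affected domain so that cron mails it. The function names are hypothetical, the sample text is constructed, and it assumes the failure output uses the Domain/Type/Detail layout shown above.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Read Certbot failure text on stdin; print "domain<TAB>type<TAB>detail" per
# error. Only the first line of a wrapped Detail field is kept.
parse_renew_failures() {
    awk '
        $1 == "Domain:" { domain = $2 }
        $1 == "Type:"   { type = $2 }
        $1 == "Detail:" {
            sub(/^[ \t]*Detail:[ \t]*/, "")
            printf "%s\t%s\t%s\n", domain, type, $0
        }'
}
# Map the two error types shown in the post to the causes it names.
hint_for() {
    case "$1" in
        unknownHost)  echo "check the DNS A record" ;;
        unauthorized) echo "check the SSL config and redirect on the domain" ;;
        *)            echo "see Certbot output" ;;
    esac
}
# Run the command given as arguments. Silent and 0 on success; otherwise
# print a per-domain summary (cron mails any output) and return 1.
renew_and_report() {
    out=$("$@" 2>&1) && status=0 || status=$?
    failures=$(printf '%s\n' "$out" | parse_renew_failures)
    if [ "$status" -eq 0 ] && [ -z "$failures" ]; then return 0; fi
    echo "renewal problem (exit status $status):"
    tab=$(printf '\t')
    printf '%s\n' "$failures" | while IFS="$tab" read -r domain type detail; do
        if [ -n "$domain" ]; then
            echo "  $domain: $type ($(hint_for "$type")) - $detail"
        fi
    done
    if [ -z "$failures" ]; then printf '%s\n' "$out"; fi
    return 1
}
# Constructed sample in the layout of the post's output; fails like a bad run.
sample_failure() {
    cat <<'EOF'
   Domain: gone.example.com
   Type:   unknownHost
   Detail: No valid IP addresses found for gone.example.com
   Domain: redirect.example.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
EOF
    return 1
}
renew_and_report sample_failure || true   # demo; in cron pass the real command
```

In the cron job, the wrapper would be called as `renew_and_report ./certbot-auto renew --quiet --no-self-upgrade`.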
