...
Code Block | ||
---|---|---|
| ||
$ sudo certbot --apache -d kurapa.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Requesting a certificate for kurapa.com Performing the following challenges: http-01 challenge for kurapa.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/httpd/conf.d/vhosts.conf Redirecting vhost in /etc/httpd/conf.d/vhosts.conf to ssl vhost in /etc/httpd/conf.d/vhosts.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://kurapa.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/kurapa.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/kurapa.com/privkey.pem Your certificate will expire on 2022-01-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le $ |
Wild Card SSL?
Following shell script (wild_certbot.sh) will enable you to create wild card domain
Code Block | ||||
---|---|---|---|---|
| ||||
#!/bin/bash certbot certonly --manual \ --preferred-challenges=dns \ --email $1 \ --server https:// |
...
acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--manual-public-ip-logging-ok \
-d "$2,*.$2" |
You can do it as following:
Code Block |
---|
$ wild_certbot.sh kurapa@kurapa.com kurapa.com |
Then you will see like below:
Code Block | ||
---|---|---|
| ||
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for *.kurapa.com
Performing the following challenges:
dns-01 challenge for kurapa.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.kurapa.com with the following value:
W8GGMfEG4ck-dOF9dyHG8gNCc1uR_Ql_KjEi1jltuLQ
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
Use of --manual-public-ip-logging-ok is deprecated.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/kurapa.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kurapa.com-0001/privkey.pem
Your certificate will expire on 2022-01-20. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
|
Note that you should update a DNS TXT record based on the guide above, as a step, before verfication.
How to update SSL?
As long as you have certificates based on Let's Encrypt, you can simply update it as:
Code Block |
---|
sudo certbot renew |
...
How to update SSL?
Code Block |
---|
sudo certbot certonly -n --apache -d kurapa.com |
If it doesn't require updating the SSL, it will show like:
...