Differences

This shows you the differences between two versions of the page.

--- doc:cert [2009/03/23 14:19]
admin
+++ doc:cert [2016/12/20 17:30] (current)
tomsa [Let's Encrypt]
@@ Line 176: / Line 176: @@
 ==== Links ====
    * http://www.akadia.com/services/ssh_test_certificate.html
+=====Let's Encrypt=====
+Certifikaty zadarmo od Let's Encrypt
+* https://letsencrypt.org/
+Nejjedodussi nastaveni je pomoci programu certbot-auto:
+<code>
+certbot-auto certonly --standalone -d goox.cz -d www.goox.cz --pre-hook="service nginx stop" --post-hook="service nginx start"
+</code>
+Muzeme tomu rict, at predtim vypne a potom zapne apache/nginx
+Samo si to overi, ze na dany server miri DNS a dle toho vygeneruje certifikaty.
+Certifikaty jsou ve slozce
+<code>
+   /etc/letsencrypt/live/<domena>/
+</code>
+Certifikaty jsou platne jen po omezenou dobu.
+Pote je potreba je obnovit. Na to slouzi zase program certbot-auto:
+<code>
+certbot-auto renew --standalone --pre-hook="service nginx stop" --post-hook="service nginx start"
+</code>
+Cele obnovovani se da dat do cronu:
+<code>
+vim /etc/cron.d/letsencrypt
+</code>
+A dane obnovovani poustet treba jednou mesicne:
+<code>
+#!/bin/bash
+4 5 * * root /usr/local/sbin/certbot-auto renew --standalone --pre-hook="service nginx stop" --post-hook="service nginx start" > /dev/null  2>&1
+</code>
+===nginx===
+Do nginx pridat certifikaty nasledovne:
+<code>
+ssl_certificate             /etc/letsencrypt/live/goox.cz/cert.pem;
+ssl_certificate_key        /etc/letsencrypt/live/goox.cz/privkey.pem;
+</code>

doc/cert.1237814385.txt.gz · Last modified: 2016/12/20 17:11 (external edit)