Differences
This shows you the differences between two versions of the page.
doc:cert [2009/03/23 14:19] admin |
doc:cert [2016/12/20 17:30] (current) tomsa [Let's Encrypt] |
||
---|---|---|---|
Line 176: | Line 176: | ||
==== Links ==== | ==== Links ==== | ||
* http://www.akadia.com/services/ssh_test_certificate.html | * http://www.akadia.com/services/ssh_test_certificate.html | ||
+ | |||
+ | =====Let's Encrypt===== | ||
+ | Certifikaty zadarmo od Let's Encrypt | ||
+ | * https://letsencrypt.org/ | ||
+ | |||
+ | Nejjedodussi nastaveni je pomoci programu certbot-auto: | ||
+ | <code> | ||
+ | certbot-auto certonly --standalone -d goox.cz -d www.goox.cz --pre-hook="service nginx stop" --post-hook="service nginx start" | ||
+ | </code> | ||
+ | Muzeme tomu rict, at predtim vypne a potom zapne apache/nginx | ||
+ | |||
+ | Samo si to overi, ze na dany server miri DNS a dle toho vygeneruje certifikaty. | ||
+ | |||
+ | Certifikaty jsou ve slozce | ||
+ | <code> | ||
+ | /etc/letsencrypt/live/<domena>/ | ||
+ | </code> | ||
+ | |||
+ | |||
+ | Certifikaty jsou platne jen po omezenou dobu. | ||
+ | Pote je potreba je obnovit. Na to slouzi zase program certbot-auto: | ||
+ | |||
+ | <code> | ||
+ | certbot-auto renew --standalone --pre-hook="service nginx stop" --post-hook="service nginx start" | ||
+ | </code> | ||
+ | |||
+ | |||
+ | Cele obnovovani se da dat do cronu: | ||
+ | <code> | ||
+ | vim /etc/cron.d/letsencrypt | ||
+ | </code> | ||
+ | |||
+ | A dane obnovovani poustet treba jednou mesicne: | ||
+ | <code> | ||
+ | #!/bin/bash | ||
+ | 0 4 5 * * root /usr/local/sbin/certbot-auto renew --standalone --pre-hook="service nginx stop" --post-hook="service nginx start" > /dev/null 2>&1 | ||
+ | </code> | ||
+ | |||
+ | |||
+ | ===nginx=== | ||
+ | Do nginx pridat certifikaty nasledovne: | ||
+ | |||
+ | <code> | ||
+ | ssl_certificate /etc/letsencrypt/live/goox.cz/cert.pem; | ||
+ | ssl_certificate_key /etc/letsencrypt/live/goox.cz/privkey.pem; | ||
+ | |||
+ | </code> |
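Review bot: In the nginx block at the end of the hunk, `ssl_certificate` points at `cert.pem`, which contains only the leaf certificate, so nginx will not send the Let's Encrypt intermediate and clients that do not already have it cached will fail chain validation; use `/etc/letsencrypt/live/goox.cz/fullchain.pem` there and keep `privkey.pem` for `ssl_certificate_key`. In the `/etc/cron.d/letsencrypt` entry, the `#!/bin/bash` line is only a comment in a crontab file and can be dropped, and `> /dev/null 2>&1` throws away the output of a failed renewal, so with a single run on the 5th of each month a failure goes unnoticed until the next attempt. Since `renew` only acts on certificates that are close to expiry, it is safe to schedule it more often and to let cron mail any error output instead of discarding it.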
doc/cert.1237814385.txt.gz · Last modified: 2016/12/20 17:11 (external edit)