This is an old revision of the document!
Let's Encrypt or Certbot
How exactly it works.
You have two modes. The first is very simple but hard to maintain, and it sometimes leaves the web server (apache/nginx/…) stopped and never started again. The second is more difficult to set up, but it is the one you want.
First method
works like this: stop the webserver, run certbot, which listens on :80 to prove you're the owner of the website, then start the webserver. The trap is obvious: if you automate it in a cron script, certbot can hang, and then the webserver is never started again. Here is the one-line command:
First run
certbot certonly --standalone -d www.mydomain.cz --pre-hook="service nginx stop" --post-hook="service nginx start"
Renew
certbot renew --pre-hook="service nginx stop" --post-hook="service nginx start"
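The cron trap described above can be contained by bounding certbot's run time and checking the web server afterwards. This wrapper is an added example, not part of the original page; it assumes GNU coreutils `timeout`, and the function names, the `RENEW_CMD` and `RENEW_TIMEOUT` variables and the 300-second limit are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): cron wrapper for the
# stop/renew/start method. Assumes GNU coreutils `timeout`.

# The renew command from the page; overridable from the environment.
: "${RENEW_CMD:=certbot renew --pre-hook='service nginx stop' --post-hook='service nginx start'}"
# Upper bound for one renewal run, in seconds (assumed value, tune as needed).
: "${RENEW_TIMEOUT:=300}"

# Hypothetical helpers; adjust for apache2 or another init system.
webserver_running() { service nginx status >/dev/null 2>&1; }
start_webserver()   { service nginx start; }

guarded_renew() {
    # certbot runs the hooks only when a certificate is actually due, so
    # nginx is not stopped on every cron run. timeout sends TERM after
    # RENEW_TIMEOUT seconds and KILL 10 seconds later if certbot ignores it.
    timeout -k 10 "$RENEW_TIMEOUT" sh -c "$RENEW_CMD"
    renew_rc=$?

    # If certbot hung or crashed after the pre-hook, the post-hook never
    # ran, so check the web server ourselves and bring it back up.
    if ! webserver_running; then
        echo "web server was down after renewal, starting it" >&2
        start_webserver || { echo "web server failed to start" >&2; return 2; }
    fi

    case $renew_rc in
        0)       return 0 ;;
        124|137) echo "certbot timed out after ${RENEW_TIMEOUT}s" >&2; return 1 ;;
        *)       echo "certbot exited with status $renew_rc" >&2; return 1 ;;
    esac
}
```

Call `guarded_renew` as the last line of the script that cron runs; return code 1 means the renewal failed, 2 means the web server could not be started again.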
Second method
1. Create a directory, for example /var/www/I/like/it/here
2. Add an exception to your website (or to each of your websites)
Nginx:
  location /.well-known {
    alias /var/www/I/like/it/here/.well-known;
  }
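Apache2:
  # /var/www/letsencrypt is the webroot in this example; it must be the same directory you pass to certbot with -w
  Alias "/.well-known" "/var/www/letsencrypt/.well-known"
  <Directory "/var/www/letsencrypt">
    AllowOverride None
    Options MultiViews
  </Directory>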
3. Call certbot with the webroot parameter
certbot certonly --webroot -w /var/www/I/like/it/here -d novyweb.starlab.cz
Here is the HTTP GET request that the remote server sends:
GET /.well-known/acme-challenge/Rrc-EMcYmhRM7ETvn8Hs8TcAh9FgHiUAxfkoHEjX7Kc HTTP/1.1
Host: novyweb.starlab.cz
User-Agent: Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)
Accept: */*
Accept-Encoding: gzip
Connection: close
4. Renewal is easy and always the same
  certbot renew --webroot -w /var/www/I/like/it/here
    
    


