[kwlug-disc] Let's Encrypt standalone mode
Khalid Baheyeldin
kb at 2bits.com
Sun Apr 2 11:44:50 EDT 2017
The letsencrypt program that is in the 16.04 repos did not work for
renewal. This may be due to the version being quite old compared to the
current version from the EFF.
There is another way though: you get the current version, yet use debian's
package management for dependencies.
Here is how to do it:
=== Initial certificates ===
# Add certbot's repository
aptitude install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
# Update
aptitude update
# Install certbot
aptitude install certbot
# Stop the web server
service nginx stop
# Issue a certificate for each domain that you have
certbot certonly --standalone -d example.org -d www.example.org
certbot certonly --standalone -d example.com -d www.example.com
...
# Start the web server
service nginx start
=== End ===
For renewals you do this:
=== Renewals ===
# Stop the web server
service nginx stop
# Attempt to renew all the certificates for all domains
certbot renew
# Start the web server
service nginx start
=== End ===
On Sun, Mar 19, 2017 at 11:20 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
> A followup for those who might experience it ...
>
> On the 14.04 servers, I installed Let's Encrypt using a download (or a git
> clone) from their site. It worked well, and updated itself to ~/.local.
>
> When I upgraded from 14.04 to 16.04, it failed to update itself, saying
> python datetime not found.
>
> Instead of spending time to troubleshoot the manual install/update, I
> opted for installing Let's Encrypt from the repositories.
>
> sudo apt install letsencrypt
>
> And then instead of certbot-auto as a command, use letsencrypt with the
> same options.
>
> Works the same.
>
--
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20170402/21a4dfd9/attachment.htm>
More information about the kwlug-disc
mailing list