[kwlug-disc] Let's Encrypt standalone mode
Khalid Baheyeldin
kb at 2bits.com
Mon Feb 6 21:10:34 EST 2017
Thanks Jeff Voskamp for a great presentation on Let's Encrypt, and
thanks for pointing out a few months ago that Let's Encrypt is indeed
working ...
Here is how I got standalone to work:
1. One Time: Get certificates
# Download the certbot client
wget https://dl.eff.org/certbot-auto
# Make it executable
chmod +x certbot-auto
# Move it somewhere
mv certbot-auto ~/bin
# Create certificates
~/bin/certbot-auto certonly --standalone -d example.com -d www.example.com
~/bin/certbot-auto certonly --standalone -d example1.com -d www.example1.com
You now have the certificates under /etc/letsencrypt/live/domain, and
you install them yourself on whatever web server you are using, be
that Apache, Nginx, or Pound.
2. Renewal:
For renewal I have a crontab script that runs weekly. It is basically this:
/usr/sbin/service apache2 stop
~/bin/certbot-auto renew --standalone > ~/certbot-renew.txt 2>&1
/usr/sbin/service apache2 start
It will find out what domains have SSL certificates (under
/etc/letsencrypt), and attempt to renew all of them. Works well.
--
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple,
and wrong. -- H.L. Mencken
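
Added example (not part of the original post, and not the poster's script): the weekly renewal sequence above, wrapped so that Apache is stopped only when a certificate is actually close to expiry, is always started again, and a failed renewal reaches cron as a non-zero exit status. The 30-day window, the cert.pem file under each /etc/letsencrypt/live/domain directory, the --run switch and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not the poster's script. Paths default to those in the post;
# WINDOW_DAYS and the cert.pem-per-domain layout are assumptions.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
CERTBOT="${CERTBOT:-$HOME/bin/certbot-auto}"
SERVICE="${SERVICE:-/usr/sbin/service}"
LOG="${LOG:-$HOME/certbot-renew.txt}"
WINDOW_DAYS="${WINDOW_DAYS:-30}"

# Succeeds if the certificate in file $1 expires within $2 days.
# An unreadable or unparsable file also counts as "expiring", so a damaged
# certificate triggers a renewal attempt instead of being skipped silently.
expires_within() {
    ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# Prints the path of every certificate that is due, one per line.
due_certs() {
    for cert in "$LIVE_DIR"/*/cert.pem; do
        [ -f "$cert" ] || continue
        if expires_within "$cert" "$WINDOW_DAYS"; then
            echo "$cert"
        fi
    done
}

# Stops Apache only when something is due, always starts it again, and
# returns certbot's exit status so cron can report a failed renewal.
renew_if_due() {
    due=$(due_certs)
    if [ -z "$due" ]; then
        return 0            # nothing due: Apache keeps serving
    fi
    "$SERVICE" apache2 stop || return 1
    rc=0
    "$CERTBOT" renew --standalone > "$LOG" 2>&1 || rc=$?
    "$SERVICE" apache2 start || rc=1
    return "$rc"
}

# Run from cron as: <this script> --run
if [ "${1:-}" = "--run" ]; then
    renew_if_due
    exit $?
fi
```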