Privacy policyContactsAbout siteOpinionsGitHubDonate
© EVILEG 2015-2018
Recommend hosting
TIMEWEB

Configuring HTTPS from Let`s Encrypt with Certbot

LetsEncrypt, Ubuntu, Nginx, HTTPS, SSL, HTTP

Some time ago, the SSL certificate from Let`s Encrypt ceased to be updated on the site. Judging by the mistakes, the structure of the files for organizing the keys has changed somewhat. After researching the problem, the easiest option was to install SSL certificates using the Certbot utility. This utility installs certificates in automatic mode, and automatically creates a task to update the certificate, which is based either in the cron scheduler or in systemd .

Since the site server is running on Ubuntu 16.04, the installation kit was also selected for this OS. In the case of other operating systems, Certbot also provides manuals for other systems.

If you are setting up an SSL certificate for the first time, you can use the manual on the Certbot website, if you have already configured the certificate with other utilities, for example, with the helpencrypt package without using certbot, as shown in the next article , you will probably need to do a small cleaning Before installing Certbot`a.

Preparing to Install an SSL Certificate

First, make a backup directory letsencrypt

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

After that you need to delete all configuration files and certificates of your site

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

If you have configured the cron scheduler to automatically update the certificate, do not forget to delete this task.

Installing an SSL Certificate

Next, you need to install the Certbot utility for Ubuntu 16.04 (in this case, this version of the OS is used), with no standard repositories in this utility, so you need to use PPA developers.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Getting a certificate

The next step is to start the utility, which will automatically find the configured servers. I will remind you that Nginx is used on my site, so the configuration will be done for this type of server.

$ sudo certbot --nginx

The utility searches for domains that run on the site in the Nginx configuration files in the variable server_name .

If this variable is not set, then the domains for which you will receive certificates will not be found.

During the execution of certbot --nginx, a list will be displayed from which you will need to select for which server you are getting the certificate. And also asked how exactly the server should be configured: for working on wallpaper protocols (HTTP and HTTPS) or only on HTTPS. I recommend selecting the first option, because by HTTPS Yandex does not take robots.txt files. After executing this command, certbot will make the necessary changes to the nginx configuration files.

Also, you can only install certificates, and configure nginx configuration files manually. This is done with the following command:

$ sudo certbot --nginx certonly

Automating certificate renewal

The following command will perform a trial receipt of the certificate, which will not be installed.

$ sudo certbot renew --dry-run

If the certificate is successfully received, a task will be created to automatically update the certificate.

In the manual certbot`a it was said that the task will be created either in the cron scheduler or in the systemd. In my case, the task was created as a timer in systemd.

Find it was possible on the following path:

/etc/systemd/system/timers.target.wants/certbot.timer

To manually start the certificate update, you can use the following command:

certbot renew

Comments

Only authorized users can post comments.
Please, Log in or Sign up
v
Jan. 17, 2019, 11:51 a.m.
vitalir12

C ++ - Test 004. Pointers, Arrays and Loops

  • Result:20points,
  • Rating points-10
v
Jan. 17, 2019, 11:49 a.m.
vitalir12

C++ - Test 002. Constants

  • Result:50points,
  • Rating points-4
v
Jan. 17, 2019, 11:13 a.m.
vitalir12

C++ - Тест 003. Условия и циклы

  • Result:28points,
  • Rating points-10
Last comments
I
Jan. 16, 2019, 8:06 a.m.
IscanderChe

Заработало. Забыл model->select(); вписать.
I
Jan. 16, 2019, 8:02 a.m.
IscanderChe

Всё равно пусто, хотя строка с данными в базу добавляется.
Jan. 16, 2019, 7:51 a.m.
Евгений Легоцкой

потому, что нужно сохранять информацию для всех остальных ролей и столбцов через вызов переопределённого метода. Да к тому же вы ещё и зациклили вызов метода data. QVariant MySqlTableModel:...
I
Jan. 16, 2019, 7:43 a.m.
IscanderChe

Сделал вот так. В tableView ничего нет, кроме заголовка. QVariant MySqlTableModel::data(const QModelIndex &index, int role) const{ if (role == Qt::DisplayRole) { QTime ...
Now discuss on the forum
Jan. 17, 2019, 1:40 p.m.
Михаиллл

Спасибо, заработало.Учту с переменными.
Jan. 17, 2019, 12:01 p.m.
Алексей Внуков

у меня просто есть отдельное поле с чекбоксамими какие колонки нужно отображать CheckBox { id: checkBox text: qsTr("some text") checked: true onC...
Jan. 15, 2019, 4:53 p.m.
Михаиллл

Спасибо, заработало.Но выдало обычный текст без форатирования HTML.Придется искать дальше
Jan. 15, 2019, 12:52 p.m.
BlinCT

Я же вам выше написал CLion умеет работать с ремоут машинами. И Qt так же собирает.
Join us in social networks

For registered users on the site there is a minimum amount of advertising