Evgenii Legotckoi
Evgenii LegotckoiJune 22, 2017, 6:17 a.m.

Configuring HTTPS from Let`s Encrypt with Certbot

Some time ago, the SSL certificate from Let`s Encrypt ceased to be updated on the site. Judging by the mistakes, the structure of the files for organizing the keys has changed somewhat. After researching the problem, the easiest option was to install SSL certificates using the Certbot utility. This utility installs certificates in automatic mode, and automatically creates a task to update the certificate, which is based either in the cron scheduler or in systemd .

Since the site server is running on Ubuntu 16.04, the installation kit was also selected for this OS. In the case of other operating systems, Certbot also provides manuals for other systems.

If you are setting up an SSL certificate for the first time, you can use the manual on the Certbot website, if you have already configured the certificate with other utilities, for example, with the helpencrypt package without using certbot, as shown in the next article , you will probably need to do a small cleaning Before installing Certbot`a.


Preparing to Install an SSL Certificate

First, make a backup directory letsencrypt

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

After that you need to delete all configuration files and certificates of your site

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

If you have configured the cron scheduler to automatically update the certificate, do not forget to delete this task.

Installing an SSL Certificate

Next, you need to install the Certbot utility for Ubuntu 16.04 (in this case, this version of the OS is used), with no standard repositories in this utility, so you need to use PPA developers.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Getting a certificate

The next step is to start the utility, which will automatically find the configured servers. I will remind you that Nginx is used on my site, so the configuration will be done for this type of server.

$ sudo certbot --nginx

The utility searches for domains that run on the site in the Nginx configuration files in the variable server_name .

If this variable is not set, then the domains for which you will receive certificates will not be found.

During the execution of certbot --nginx, a list will be displayed from which you will need to select for which server you are getting the certificate. And also asked how exactly the server should be configured: for working on wallpaper protocols (HTTP and HTTPS) or only on HTTPS. I recommend selecting the first option, because by HTTPS Yandex does not take robots.txt files. After executing this command, certbot will make the necessary changes to the nginx configuration files.

Also, you can only install certificates, and configure nginx configuration files manually. This is done with the following command:

$ sudo certbot --nginx certonly

Automating certificate renewal

The following command will perform a trial receipt of the certificate, which will not be installed.

$ sudo certbot renew --dry-run

If the certificate is successfully received, a task will be created to automatically update the certificate.

In the manual certbot`a it was said that the task will be created either in the cron scheduler or in the systemd. In my case, the task was created as a timer in systemd.

Find it was possible on the following path:

/etc/systemd/system/timers.target.wants/certbot.timer

To manually start the certificate update, you can use the following command:

certbot renew
We recommend hosting TIMEWEB
We recommend hosting TIMEWEB
Stable hosting, on which the social network EVILEG is located. For projects on Django we recommend VDS hosting.

Do you like it? Share on social networks!

Comments

Only authorized users can post comments.
Please, Log in or Sign up
AD

C ++ - Test 004. Pointers, Arrays and Loops

  • Result:50points,
  • Rating points-4
m

C ++ - Test 004. Pointers, Arrays and Loops

  • Result:80points,
  • Rating points4
m

C ++ - Test 004. Pointers, Arrays and Loops

  • Result:20points,
  • Rating points-10
Last comments
ИМ
Игорь МаксимовNov. 22, 2024, 7:51 p.m.
Django - Tutorial 017. Customize the login page to Django Добрый вечер Евгений! Я сделал себе авторизацию аналогичную вашей, все работает, кроме возврата к предидущей странице. Редеректит всегда на главную, хотя в логах сервера вижу запросы на правильн…
Evgenii Legotckoi
Evgenii LegotckoiOct. 31, 2024, 9:37 p.m.
Django - Lesson 064. How to write a Python Markdown extension Добрый день. Да, можно. Либо через такие же плагины, либо с постобработкой через python библиотеку Beautiful Soup
A
ALO1ZEOct. 19, 2024, 3:19 p.m.
Fb3 file reader on Qt Creator Подскажите как это запустить? Я не шарю в программировании и кодинге. Скачал и установаил Qt, но куча ошибок выдается и не запустить. А очень надо fb3 переконвертировать в html
ИМ
Игорь МаксимовOct. 5, 2024, 2:51 p.m.
Django - Lesson 064. How to write a Python Markdown extension Приветствую Евгений! У меня вопрос. Можно ли вставлять свои классы в разметку редактора markdown? Допустим имея стандартную разметку: <ul> <li></li> <li></l…
d
dblas5July 5, 2024, 6:02 p.m.
QML - Lesson 016. SQLite database and the working with it in QML Qt Здравствуйте, возникает такая проблема (я новичок): ApplicationWindow неизвестный элемент. (М300) для TextField и Button аналогично. Могу предположить, что из-за более новой верси…
Now discuss on the forum
Evgenii Legotckoi
Evgenii LegotckoiJune 24, 2024, 10:11 p.m.
добавить qlineseries в функции Я тут. Работы оень много. Отправил его в бан.
t
tonypeachey1Nov. 15, 2024, 2:04 p.m.
google domain [url=https://google.com/]domain[/url] domain [http://www.example.com link title]
NSProject
NSProjectJune 4, 2022, 10:49 a.m.
Всё ещё разбираюсь с кешем. В следствии прочтения данной статьи. Я принял для себя решение сделать кеширование свойств менеджера модели LikeDislike. И так как установка evileg_core для меня не была возможна, ибо он писался…
9
9AnonimOct. 25, 2024, 4:10 p.m.
Машина тьюринга // Начальное состояние 0 0, ,<,1 // Переход в состояние 1 при пустом символе 0,0,>,0 // Остаемся в состоянии 0, двигаясь вправо при встрече 0 0,1,>…

Follow us in social networks