Configuring HTTPS from Let`s Encrypt with Certbot

LetsEncrypt, Ubuntu, Nginx, HTTPS, SSL, HTTP

Some time ago, the SSL certificate from Let`s Encrypt ceased to be updated on the site. Judging by the mistakes, the structure of the files for organizing the keys has changed somewhat. After researching the problem, the easiest option was to install SSL certificates using the Certbot utility. This utility installs certificates in automatic mode, and automatically creates a task to update the certificate, which is based either in the cron scheduler or in systemd .

Since the site server is running on Ubuntu 16.04, the installation kit was also selected for this OS. In the case of other operating systems, Certbot also provides manuals for other systems.

If you are setting up an SSL certificate for the first time, you can use the manual on the Certbot website, if you have already configured the certificate with other utilities, for example, with the helpencrypt package without using certbot, as shown in the next article , you will probably need to do a small cleaning Before installing Certbot`a.

Preparing to Install an SSL Certificate

First, make a backup directory letsencrypt

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

After that you need to delete all configuration files and certificates of your site

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

If you have configured the cron scheduler to automatically update the certificate, do not forget to delete this task.

Installing an SSL Certificate

Next, you need to install the Certbot utility for Ubuntu 16.04 (in this case, this version of the OS is used), with no standard repositories in this utility, so you need to use PPA developers.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Getting a certificate

The next step is to start the utility, which will automatically find the configured servers. I will remind you that Nginx is used on my site, so the configuration will be done for this type of server.

$ sudo certbot --nginx

The utility searches for domains that run on the site in the Nginx configuration files in the variable server_name .

If this variable is not set, then the domains for which you will receive certificates will not be found.

During the execution of certbot --nginx, a list will be displayed from which you will need to select for which server you are getting the certificate. And also asked how exactly the server should be configured: for working on wallpaper protocols (HTTP and HTTPS) or only on HTTPS. I recommend selecting the first option, because by HTTPS Yandex does not take robots.txt files. After executing this command, certbot will make the necessary changes to the nginx configuration files.

Also, you can only install certificates, and configure nginx configuration files manually. This is done with the following command:

$ sudo certbot --nginx certonly

Automating certificate renewal

The following command will perform a trial receipt of the certificate, which will not be installed.

$ sudo certbot renew --dry-run

If the certificate is successfully received, a task will be created to automatically update the certificate.

In the manual certbot`a it was said that the task will be created either in the cron scheduler or in the systemd. In my case, the task was created as a timer in systemd.

Find it was possible on the following path:

/etc/systemd/system/timers.target.wants/certbot.timer

To manually start the certificate update, you can use the following command:

certbot renew
Virtual hosting with 10 percent discount
Virtual hosting with 10 percent discount
EVILEG offers reliable hosting with a 10% discount for virtual hosting and 5% for VPS
Support the author Donate

Comments

Only authorized users can post comments.
Please, Log in or Sign up
Last comments
June 24, 2019, 10:23 a.m.
Евгений Легоцкой

Хорошо, ну будут проблемы помимо того, что касается статей, то не стесняйтесь задавать вопросы на форуме.
МБ
June 24, 2019, 10:21 a.m.
Михаил Булатов

Извиняюсь, все работает(из-за невнимательности).
June 24, 2019, 9:52 a.m.
Евгений Легоцкой

Придётся делать ещё сигнал в дочернем qml и пробрасывать через коннекты и обработчики. А вообще нужно смотреть конкретный код и что вы пытаетесь сделать. Так что лучше будет, если вы зад...
June 21, 2019, 8:31 a.m.
Ruslan Polupan

Вот моя строка по которой все отлично сработало %cqtdeployer% -bin c:/CentralMposKeys/CentalMposKeys.exe -qmake c:/Qt/5.12.2/mingw73_64/bin/qmake.exe
June 21, 2019, 8:24 a.m.
Андрей Янкович

Возможно кому то пригодится сqtdeployer для windows работает точно так же как и для Linux разница лишь в команде запуска Linux: cqtdeployer Windows: %cqtdeployer...
Now discuss on the forum
June 24, 2019, 2:36 p.m.
Михаиллл

Нашел проект подключения к вебсокету.Но по моему адресу не могу подключиться.Нужно ли для этого использовать библиотеки?Вы не знаете адрес вебсокета, на котором можно проверить с...
June 24, 2019, 2:07 p.m.
Евгений Легоцкой

Я пока даже не знаю, а какой код самого подключения? использовали ожидание на подключение? Так делали? socket->connectToServer("market");if (socket->waitForConnected(1000)) ...
June 24, 2019, 1:19 p.m.
IscanderChe

// widget.cpp#include "widget.h"#include <QTableView>#include <QVBoxLayout>#include "checkboxdelegate.h"#include "comboboxdelegate.h"#include "mytableview.h"#include <QSqlD...
June 24, 2019, 11:16 a.m.
BlinCT

Хорошо, с этим понятно. Вот есть такой набор каких то кнопок. Цифры отображают в каком порядке должен менятся фокус.1. Как правильнее сделать отображение активного обьекта...
e
June 24, 2019, 10:58 a.m.
evgenm27

Спасибо за ответ, буду пробовать
Looking for a Job?
10,000.00 руб. - 15,000.00 руб.
Нужен помощник для создания API.
Moscow, Moscow, Russia
25,000.00 руб. - 30,000.00 руб.
Разработчик Qt/C++
Barnaul, Altai Krai, Russia

For registered users on the site there is a minimum amount of advertising

EVILEG
About
Services
Join us
© EVILEG 2015-2019
Recommend hosting TIMEWEB