Privacy policyContactsAbout siteOpinionsGitHubDonate
© EVILEG 2015-2018
Recommend hosting
TIMEWEB

Configuring HTTPS from Let`s Encrypt with Certbot

LetsEncrypt, Ubuntu, Nginx, HTTPS, SSL, HTTP

Some time ago, the SSL certificate from Let`s Encrypt ceased to be updated on the site. Judging by the mistakes, the structure of the files for organizing the keys has changed somewhat. After researching the problem, the easiest option was to install SSL certificates using the Certbot utility. This utility installs certificates in automatic mode, and automatically creates a task to update the certificate, which is based either in the cron scheduler or in systemd .

Since the site server is running on Ubuntu 16.04, the installation kit was also selected for this OS. In the case of other operating systems, Certbot also provides manuals for other systems.

If you are setting up an SSL certificate for the first time, you can use the manual on the Certbot website, if you have already configured the certificate with other utilities, for example, with the helpencrypt package without using certbot, as shown in the next article , you will probably need to do a small cleaning Before installing Certbot`a.

Preparing to Install an SSL Certificate

First, make a backup directory letsencrypt

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

After that you need to delete all configuration files and certificates of your site

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

If you have configured the cron scheduler to automatically update the certificate, do not forget to delete this task.

Installing an SSL Certificate

Next, you need to install the Certbot utility for Ubuntu 16.04 (in this case, this version of the OS is used), with no standard repositories in this utility, so you need to use PPA developers.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Getting a certificate

The next step is to start the utility, which will automatically find the configured servers. I will remind you that Nginx is used on my site, so the configuration will be done for this type of server.

$ sudo certbot --nginx

The utility searches for domains that run on the site in the Nginx configuration files in the variable server_name .

If this variable is not set, then the domains for which you will receive certificates will not be found.

During the execution of certbot --nginx, a list will be displayed from which you will need to select for which server you are getting the certificate. And also asked how exactly the server should be configured: for working on wallpaper protocols (HTTP and HTTPS) or only on HTTPS. I recommend selecting the first option, because by HTTPS Yandex does not take robots.txt files. After executing this command, certbot will make the necessary changes to the nginx configuration files.

Also, you can only install certificates, and configure nginx configuration files manually. This is done with the following command:

$ sudo certbot --nginx certonly

Automating certificate renewal

The following command will perform a trial receipt of the certificate, which will not be installed.

$ sudo certbot renew --dry-run

If the certificate is successfully received, a task will be created to automatically update the certificate.

In the manual certbot`a it was said that the task will be created either in the cron scheduler or in the systemd. In my case, the task was created as a timer in systemd.

Find it was possible on the following path:

/etc/systemd/system/timers.target.wants/certbot.timer

To manually start the certificate update, you can use the following command:

certbot renew
Virtual hosting with 10 percent discount
Virtual hosting with 10 percent discount
EVILEG offers reliable hosting with a 10% discount for virtual hosting and 5% for VPS

Comments

Only authorized users can post comments.
Please, Log in or Sign up
Last comments
March 19, 2019, 12:57 p.m.
AlexanderBardin

Добрый день. А проверить работоспособность локально как-то можно не указывая реальнй сайт (еще в разработке)
March 16, 2019, 1:55 p.m.
Дмитрий

Спасибо за статью. Давно итересует следующий вопрос: с помощью переменных QMAKE_TARGET_COMPANYQMAKE_TARGET_PRODUCTQMAKE_TARGET_DESCRIPTIONможно задать свойства компилируемой программы, о...
JS
March 12, 2019, 10:19 a.m.
Jean Stefanovich

Большое спасибо за разъяснения!
March 12, 2019, 10:04 a.m.
Евгений Легоцкой

Hello, In fact, this functionality or is not implemented, or is not documented. I'm not sure. But I think, that it should be implemented in Text QML Type. Because of we can write text in...
March 12, 2019, 9:51 a.m.
Евгений Легоцкой

Да вы правы. На самом деле проще через QSqlQueryModel, сколько не пытался использовать эти дженерики типо QSqlTableModel и QSqlRelationalTableModel, то всегда упирался в какие-то их ограничени...
Now discuss on the forum
March 19, 2019, 1:43 p.m.
AlexanderBardin

Очень интересная тема. У вас случайно нет статьи с полным циклом интреграции нескольких языков?Так сказать с нуля, что нужно, какие пакеты ставить, что куда писать. Тут вроде информации не ма...
March 17, 2019, 10:47 p.m.
Евгений Легоцкой

Добрый день. Вот, нашлось у меня немного времени. Делается это через шаблон проектирования наблюдатель. GraphKS_mfvSlup.zip
ЧГ
March 15, 2019, 9:52 p.m.
Чарльз Грин

спасибо, попробую, отпишусь
m
March 15, 2019, 7:41 p.m.
mihamuz

Сори догадался)
n
March 12, 2019, 4:57 p.m.
newbie.works.with.QT

Большооооое спасибо!!!!!Не передать как я вам благодарен, спасибо что всегда отзываетесь.Теперь я смогу продолжить работу в QT!!! (пробую писать бота (Я как вы могли догадаться немного не пр...
Join us in social networks

For registered users on the site there is a minimum amount of advertising