Letsencrypt: Difference between revisions

From DWIKI
Tony (talk | contribs)
(13 intermediate revisions by the same user not shown)
Line 7: Line 7:


*[https://letsencrypt.org/ Homepages]  
*[https://letsencrypt.org/ Homepages]  
*[https://certbot.eff.org/all-instructions Certbot instructions]  
*[https://certbot.eff.org/instructions Certbot instructions]
*[https://github.com/go-acme/lego LEGO]


= FAQ =
=HOWTO=
==Disable auto renewal==
Rename renewal file'
/etc/letsencrypt/renewal/example.com.conf.disabled
or in '''/etc/letsencrypt/renewal/example.com.conf''' under '''[renewalparams]''' add:
autorenew = False


== Update cert(s) ==
== Update cert(s) ==
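Review bot: Under "Disable auto renewal", the line "Rename renewal file'" carries a stray apostrophe, and the line after it shows only the target name rather than the rename itself. Say which file is renamed (example.com.conf to example.com.conf.disabled) so the step can be followed without guessing, and make clear that either option on its own is enough, since the two are joined only by "or".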
Line 17: Line 23:
==Remove certs/domain==
==Remove certs/domain==
  certbot delete --cert-name www.example.com
  certbot delete --cert-name www.example.com
or run
certbot delete
Which might throw 'Another instance of Certbot is already running.', in that case
systemctl stop certbot
and remember to start it again if you need it
== Restart service after renewal ==
In '''etc/letsencrypt/renewal/example.com.conf''' under '''[renewalparams]''' add
renew_hook = systemctl reload dovecot
==With and without www==
certbot --apache -d example.com -d www.example.com
==Allow access to non-root user==
setfacl -R -m u:someuser:rX /etc/letsencrypt/{live,archive}/example.org, and then
setfacl -m u:someuser:rX /etc/letsencrypt/{live,archive}
= FAQ =
==Certbot Error messages==
===This website does not supply ownership information.===
sod that
===archive directory exists===
Maybe you're using SNI, try
certbot --apache -d "www.example.com,example"
===Failed to parse: https://acme-v02.api.letsencrypt.org/directory===
Most likely your system is using an old urllib3, which relies on python3-six.
If Ubuntu: switch to [https://community.letsencrypt.org/t/how-to-upgrade-certbot-installed-using-snap-on-ubuntu-20-04/187515/3 Certbot using snap]
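Review bot: In "Allow access to non-root user", the first setfacl line ends with ", and then" fused onto the path, so copying the line as written passes "example.org," plus two extra words to setfacl; put the connective on its own line. The section should also say that rX on live and archive for example.org lets someuser read that certificate's private key, so the reader grants it deliberately. Separately, under "Restart service after renewal" the path is written as "etc/letsencrypt/renewal/example.com.conf" without the leading slash that the "Disable auto renewal" section uses.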

Latest revision as of 13:53, 20 November 2025

Free SSL certificates

 

Links

HOWTO

Disable auto renewal

Rename the renewal file to

/etc/letsencrypt/renewal/example.com.conf.disabled

or in /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add:

autorenew = False

Update cert(s)

certbot

Remove certs/domain

certbot delete --cert-name www.example.com

or run

certbot delete

This might fail with 'Another instance of Certbot is already running.'; in that case run

systemctl stop certbot

and remember to start it again if you need it.

Restart service after renewal

In /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add

renew_hook = systemctl reload dovecot
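
To see at a glance which certificates will no longer renew automatically and which commands are hooked to renewal, the two settings from "Disable auto renewal" and "Restart service after renewal" can be read back out of the renewal directory. This is an added example, not part of the original wiki page; the function names and the sample files are made up for illustration, and the set of spellings treated as "off" for autorenew is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): report renewal state and hook per certificate.

# renewal_param FILE KEY: print KEY's value from the [renewalparams] section, if set.
renewal_param() {
    awk -v key="$2" '
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
        !insec        { next }
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# audit_renewal_dir DIR: one tab-separated line per certificate:
# name, state (auto | autorenew-off | renamed), renew_hook ("-" if none).
audit_renewal_dir() {
    local f name state hook flag
    for f in "$1"/*.conf "$1"/*.conf.disabled; do
        [ -f "$f" ] || continue
        name=$(basename "$f"); state=auto
        case "$name" in *.conf.disabled) name=${name%.disabled}; state=renamed ;; esac
        name=${name%.conf}
        # Spellings treated as "off" are an assumption; the page itself uses False.
        flag=$(renewal_param "$f" autorenew | tr '[:upper:]' '[:lower:]')
        if [ "$state" = auto ]; then
            case "$flag" in false|no|off|0) state=autorenew-off ;; esac
        fi
        hook=$(renewal_param "$f" renew_hook)
        printf '%s\t%s\t%s\n' "$name" "$state" "${hook:--}"
    done
}

# Constructed sample directory standing in for /etc/letsencrypt/renewal.
make_sample_dir() {
    local d; d=$(mktemp -d)
    printf 'version = 2.0\n[renewalparams]\nauthenticator = apache\nrenew_hook = systemctl reload dovecot\n' > "$d/example.com.conf"
    printf '[renewalparams]\nautorenew = False\n' > "$d/example.org.conf"
    printf '[renewalparams]\nauthenticator = apache\n' > "$d/old.example.net.conf.disabled"
    echo "$d"
}

d=$(make_sample_dir); audit_renewal_dir "$d"; rm -rf "$d"
```

On a real host, run audit_renewal_dir /etc/letsencrypt/renewal as a user that can read that directory.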


With and without www

certbot --apache -d example.com -d www.example.com


Allow access to non-root user

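setfacl -R -m u:someuser:rX /etc/letsencrypt/{live,archive}/example.org

and then

setfacl -m u:someuser:rX /etc/letsencrypt/{live,archive}

This gives someuser read access to the certificate files for example.org, including the private key.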

FAQ

Certbot Error messages

This website does not supply ownership information.

sod that


archive directory exists

Maybe you're using SNI, try

certbot --apache -d "www.example.com,example"


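Failed to parse: https://acme-v02.api.letsencrypt.org/directory

Most likely your system is using an old urllib3, which relies on python3-six. If you are on Ubuntu, switch to Certbot using snap (https://community.letsencrypt.org/t/how-to-upgrade-certbot-installed-using-snap-on-ubuntu-20-04/187515/3).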