Letsencrypt: Difference between revisions
From DWIKI
m →HOWTO Tag: wikieditor |
m →Links Tag: wikieditor |
||
| Line 8: | Line 8: | ||
*[https://letsencrypt.org/ Homepages] | *[https://letsencrypt.org/ Homepages] | ||
*[https://certbot.eff.org/instructions Certbot instructions] | *[https://certbot.eff.org/instructions Certbot instructions] | ||
*[https://github.com/go-acme/lego LEGO] | |||
=HOWTO= | =HOWTO= | ||
Revision as of 11:03, 25 February 2025
Free SSL certificates
Links
HOWTO
Disable auto renewal
Rename renewal file'
/etc/letsencrypt/renewal/example.com.conf.disabled
or in /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add:
autorenew = False
Update cert(s)
certbot
Remove certs/domain
certbot delete --cert-name www.example.com
Restart service after renewal
In etc/letsencrypt/renewal/example.com.conf under [renewalparams] add
renew_hook = systemctl reload dovecot
With and without www
certbot --apache -d example.com -d www.example.com
Allow access to non-root user
setfacl -R -m u:someuser:rX /etc/letsencrypt/{live,archive}/example.org, and then
setfacl -m u:someuser:rX /etc/letsencrypt/{live,archive}
FAQ
Certbot Error messages
This website does not supply ownership information.
sod that
archive directory exists
Maybe you're using SNI, try
certbot --apache -d "www.example.com,example"
Failed to parse: https://acme-v02.api.letsencrypt.org/directory
Most likely your system is using an old urllib3, which relies on python3-six. If Ubuntu: switch to Certbot using snap
