Let's encrypt

Installation

sudo add-apt-repository -y ppa:certbot/certbot \
&& sudo apt-get update
sudo apt-get install python-certbot-apache
sudo apt-get install python-certbot-nginx

Wildcard

certbot certonly --manual \
-d *.loliot.net \
-d loliot.net
dig -t TXT _acme-challenge.loliot.net

Apache

sudo vim /etc/apache2/sites-available/xxx.conf
<VirtualHost *:80>
ServerName xxx
Redirect permanent / https://xxx
</VirtualHost>
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile /<path>/cert.pem
SSLCertificateKeyFile /<path>/privkey.pem
SSLCertificateChainFile /<path>/chain.pem
...
sudo systemctl restart apache2

Nginx

sudo vim /etc/nginx/sites-available/xxx
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /<path>/fullchain.pem;
ssl_certificate_key /<path>/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;
...
sudo systemctl restart nginx

Renew

certbot renew
Last updated on