Différences

Ci-dessous, les différences entre deux révisions de la page.

--- let_s_encrypt [2018/01/10 01:57] – simon
+++ let_s_encrypt [2018/04/24 14:29] – [Clés plus longues] simon
@@ Ligne 24: / Ligne 24: @@
 certbot 0.19.0
 </code>
+<WRAP center round alert 60%>
+Sur une installation plus récente, j'ai du passer par [[pip]] pour installer certbot 0.21. L'installation depuis les backports ne fonctionnait pas.
+</WRAP>
 <code bash>
 # certbot --apache
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
+Plugins selected: Authenticator apache, Installer apache
 Which names would you like to activate HTTPS for?
 -------------------------------------------------------------------------------
 : plouf.com
-: sous.plouf.com
+: chat.plouf.com
-: piscine.plouf.com
+: wiki.plouf.com
 -------------------------------------------------------------------------------
 Select the appropriate numbers separated by commas and/or spaces, or leave input
-blank to select all options shown (Enter 'c' to cancel):1,2,3
+blank to select all options shown (Enter 'c' to cancel): 1
-Enter email address (used for urgent renewal and security notices) (Enter 'c' to
-cancel):mon@mail.com
--------------------------------------------------------------------------------
-Please read the Terms of Service at
-https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
-agree in order to register with the ACME server at
-https://acme-v01.api.letsencrypt.org/directory
--------------------------------------------------------------------------------
-(A)gree/(C)ancel: A
 Obtaining a new certificate
 Performing the following challenges:
-tls-sni-01 challenge for plouf.com
+tls-sni-01 challenge for caliban.be
-tls-sni-01 challenge for sous.plouf.com
-tls-sni-01 challenge for piscine.plouf.com
 Enabled Apache socache_shmcb module
 Enabled Apache ssl module
 Waiting for verification...
 Cleaning up challenges
-Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
+Created an SSL vhost at /etc/apache2/sites-available/plouf.com-le-ssl.conf
-Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
-Created an SSL vhost at /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
 Enabled Apache socache_shmcb module
 Enabled Apache ssl module
-Deploying Certificate to VirtualHost /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
+Deploying Certificate for caliban.be to VirtualHost /etc/apache2/sites-available/plouf.com-le-ssl.conf
-Enabling available site: /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
+Enabling available site: /etc/apache2/sites-available/plouf.com-le-ssl.conf
-An unexpected error occurred:
-StopIteration
-Please see the logfiles in /var/log/letsencrypt for more details.
-IMPORTANT NOTES:
+Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - Unable to install the certificate
+-------------------------------------------------------------------------------
- - Congratulations! Your certificate and chain have been saved at
+: No redirect - Make no further changes to the webserver configuration.
-   /etc/letsencrypt/live/caliban.be/fullchain.pem. Your cert will
+: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
-   expire on 2018-04-10. To obtain a new or tweaked version of this
+new sites, or if you're confident your site works on HTTPS. You can undo this
-   certificate in the future, simply run certbot again with the
+change by editing your web server's configuration.
-   "certonly" option. To non-interactively renew *all* of your
+-------------------------------------------------------------------------------
-   certificates, run "certbot renew"
+Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
- - If you lose your account credentials, you can recover through
+Redirecting vhost in /etc/apache2/sites-enabled/cplouf.com.conf to ssl vhost in /etc/apache2/sites-available/plouf.com-le-ssl.conf
-   e-mails sent to moi@simonlefort.be.
- - Your account credentials have been saved in your Certbot
-   configuration directory at /etc/letsencrypt. You should make a
-   secure backup of this folder now. This configuration directory will
-   also contain certificates and private keys obtained by Certbot so
-   making regular backups of this folder is ideal.
-</code>
-<code bash>
+-------------------------------------------------------------------------------
-</code>
+Congratulations! You have successfully enabled https://plouf.com
-<code bash>
+You should test your configuration at:
-</code>
+https://www.ssllabs.com/ssltest/analyze.html?d=plouf.com
+-------------------------------------------------------------------------------
-<code bash>
+IMPORTANT NOTES:
-</code>
+ - Congratulations! Your certificate and chain have been saved at:
+   /etc/letsencrypt/live/plouf.com-0001/fullchain.pem
+   Your key file has been saved at:
+   /etc/letsencrypt/live/plouf.com-0001/privkey.pem
+   Your cert will expire on 2018-04-10. To obtain a new or tweaked
+   version of this certificate in the future, simply run certbot again
+   with the "certonly" option. To non-interactively renew *all* of
+   your certificates, run "certbot renew"
+ - If you like Certbot, please consider supporting our work by:
-<code bash>
+   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+   Donating to EFF:                    https://eff.org/donate-le
 </code>
+On peut tester un renouvellement des certificats avec la commande suivante :
 <code bash>
+# certbot renew --dry-run
 </code>
-<code bash>
+Actuellement, ça foire chez moi... Pas encore compris pourquoi.
-</code>
+==== Clés plus longues ====
 <code bash>
+# certbot certonly -a webroot --rsa-key-size 4096 --webroot-path=/var/www/plouf.com -d plouf.com -d www.plouf.com
 </code>
-<code bash>
-</code>
-<code bash>
-</code>
-<code bash>
-</code>
 ===== Sources =====
   * [[https://www.sysnove.fr/blog/2016/03/utilisation-pratique-letsencrypt-acme-tiny.html|Sysnove.fr]]