This is an old revision of the document!


Let's Encrypt

Let's Encrypt is a project backed by the Internet Security Research Group (ISRG). Its goal is to let anyone set up SSL certificates, free of charge, to secure connections.

Configuring Let's Encrypt certificates

I configured certificates for several domain names, and here is the procedure I followed, for the fictitious domain “plouf.com”.

I used the acme-tiny tool; we start by downloading and installing it.

# wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py -O /usr/local/bin/acme-tiny.py
--2018-01-10 02:30:22--  https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.120.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.120.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9179 (9.0K) [text/plain]
Saving to: ‘/usr/local/bin/acme-tiny.py’
 
/usr/local/bin/acme-tiny.py         100%[================================================================>]   8.96K  --.-KB/s    in 0s      
 
2018-01-10 02:30:22 (51.4 MB/s) - ‘/usr/local/bin/acme-tiny.py’ saved [9179/9179]

We create a directory for Let's Encrypt, with the right permissions:

# mkdir /etc/letsencrypt
# chown root:ssl-cert /etc/letsencrypt/
# chmod 750 /etc/letsencrypt/

We move into the directory we just created:

# cd /etc/letsencrypt/

And we start generating a private key:

 

NEW SOLUTION:

# apt install python-certbot-apache

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  augeas-lenses certbot libaugeas0 python-acme python-augeas python-certbot python-chardet python-configargparse python-configobj
  python-dnspython python-funcsigs python-mock python-openssl python-parsedatetime python-pbr python-psutil python-pyicu python-requests
  python-rfc3339 python-tz python-urllib3 python-zope.component python-zope.event python-zope.hookable python-zope.interface
Suggested packages:
  augeas-doc python-certbot-doc augeas-tools python-acme-doc python-certbot-apache-doc python-configobj-doc python-funcsigs-doc
  python-mock-doc python-openssl-doc python-openssl-dbg python-psutil-doc python-socks python-ntlm
The following NEW packages will be installed:
  augeas-lenses certbot libaugeas0 python-acme python-augeas python-certbot python-certbot-apache python-chardet python-configargparse
  python-configobj python-dnspython python-funcsigs python-mock python-openssl python-parsedatetime python-pbr python-psutil python-pyicu
  python-requests python-rfc3339 python-tz python-urllib3 python-zope.component python-zope.event python-zope.hookable
  python-zope.interface
0 upgraded, 26 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,133 kB of archives.
After this operation, 9,863 kB of additional disk space will be used.
Do you want to continue? [Y/n]
(...)
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: plouf.com
2: sous.plouf.com
3: piscine.plouf.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1,2,3
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):mon@mail.com
 
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for plouf.com
tls-sni-01 challenge for sous.plouf.com
tls-sni-01 challenge for piscine.plouf.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
Created an SSL vhost at /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
An unexpected error occurred:
StopIteration
Please see the logfiles in /var/log/letsencrypt for more details.
 
IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/caliban.be/fullchain.pem. Your cert will
   expire on 2018-04-10. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to moi@simonlefort.be.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
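
Both procedures above leave private keys under /etc/letsencrypt, so the directory and key modes are worth checking after setup and after each renewal. The shell function below is an added example (not part of the original page, acme-tiny or certbot): it flags a directory looser than the 750 set with chmod earlier, key files with group-write or any access for others, and anything world-writable. The key file name patterns are assumptions based on the paths shown in the certbot output.

```sh
#!/bin/sh
# Added example, not from the original page. Audits a Let's Encrypt directory
# against the layout above: directory no looser than 750, private keys with
# no group-write and no access for "other", nothing world-writable.
# Assumption: key file name patterns, taken from the certbot paths above.

audit_le_dir() {
    dir=$1
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # 027 = group-write plus every "other" bit; any of them set means the
    # directory is looser than the 750 applied with chmod.
    if [ -n "$(find "$dir" -maxdepth 0 -perm /027)" ]; then
        echo "LOOSE-DIR $dir"
        rc=1
    fi

    # Regular files only: certbot's live/ entries are symlinks into archive/,
    # and the mode that matters is the one on the target file.
    keys=$(find "$dir" -type f \( -name '*.key' -o -name 'privkey*.pem' \
        -o -name '*_key-certbot.pem' \) -perm /027 | sort)
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | sed 's/^/LOOSE-KEY /'
        rc=1
    fi

    # A world-writable file or directory lets any local user swap its content.
    ww=$(find "$dir" ! -type l -perm -002 | sort)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
        rc=1
    fi

    return $rc
}

# Usage: sh audit_le.sh /etc/letsencrypt   (exit status 0 = no findings)
[ $# -eq 0 ] || audit_le_dir "$@"
```

Ownership (root:ssl-cert on this page) is not checked here; `find /etc/letsencrypt ! -user root` lists entries owned by anyone else.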
 
 
 
 
 
 
 
 
 
 

Sources

let_s_encrypt.1515548913.txt.gz · Last modified: 2020/08/09 12:59 (external edit)