This is an old revision of the document!
Let's Encrypt
Let's Encrypt is a project backed by the Internet Security Research Group (ISRG). Its goal is to let anyone set up SSL certificates, free of charge, to secure connections.
Configuring Let's Encrypt certificates
I configured certificates for several domain names; here is the procedure I followed, using the fictitious domain “plouf.com”.
We start by enabling the backports (on Stretch) in order to get the most recent version of certbot.
# vim /etc/apt/sources.list
#(...add at the end of the file:)
# Backports repository
deb http://ftp.debian.org/debian stretch-backports main
In my case, after installing without the backports, certbot was at version 0.10, whereas with the backports we get version 0.19.0.
# apt-get -t stretch-backports install python-certbot-apache
# certbot --version
certbot 0.19.0
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: plouf.com
2: sous.plouf.com
3: piscine.plouf.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1,2,3
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):mon@mail.com
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for plouf.com
tls-sni-01 challenge for sous.plouf.com
tls-sni-01 challenge for piscine.plouf.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
Created an SSL vhost at /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/vps89550.ovh.net-le-ssl.conf
An unexpected error occurred:
StopIteration
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/caliban.be/fullchain.pem. Your cert will
   expire on 2018-04-10. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to moi@simonlefort.be.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
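Certbot's closing note asks for a secure backup of /etc/letsencrypt, which holds the account credentials and the private keys. The following is an added example, not part of the original page: it lists private-key files whose permissions are wider than owner-only and writes an owner-only archive of the directory. The function names le_loose_keys and le_backup, the script name and the backup directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print private-key files under the Certbot directory $1 whose mode is
# neither 600 nor 400. Matches keys/NNNN_key-certbot.pem (path seen in the
# certbot output above) and the privkey*.pem files Certbot keeps in archive/.
le_loose_keys() {
    find "$1" -type f \
        \( -name '*_key-certbot.pem' -o -name 'privkey*.pem' \) \
        ! -perm 600 ! -perm 400 | sort
}

# Archive the Certbot directory $1 into the existing directory $2.
# umask 077 makes the archive owner-only from the moment it is created.
# Prints the archive path on success.
le_backup() {
    src=$1
    dest=$2
    archive="$dest/letsencrypt-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        umask 077
        tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")"
    ) || return 1
    printf '%s\n' "$archive"
}

# Usage (script name and backup directory are placeholders):
#   sh le-backup.sh /etc/letsencrypt /path/to/backup-dir
if [ "$#" -eq 2 ]; then
    le_loose_keys "$1" | sed 's/^/loose key permissions: /'
    le_backup "$1" "$2"
fi
```

The symlinks under live/ are stored in the archive as symlinks, so restoring it reproduces the layout certbot expects.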
let_s_encrypt.1515549447.txt.gz · Last modified: 2020/08/09 12:59 (external edit)