Difference between revisions of "Let's Encrypt"
Jump to navigation
Jump to search
(Created page with "{{seed}} ==Related== * Secure Sockets Layer ==Notes== * [https://letsencrypt.org/ official site] ** [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf subscr...") |
|||
(7 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
==Related== | ==Related== | ||
* [[Secure Sockets Layer]] | * [[Secure Sockets Layer]] | ||
+ | * '''commands''': | ||
+ | ** {{l/cmd|letsencrypt}}: setup utility (I think) | ||
+ | ** {{l/cmd|certbot}}: manages certificates | ||
+ | ** {{l/cmd|openssl}} | ||
==Notes== | ==Notes== | ||
* [https://letsencrypt.org/ official site] | * [https://letsencrypt.org/ official site] | ||
** [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf subscriber agreement] (PDF) | ** [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf subscriber agreement] (PDF) | ||
+ | ** [https://certbot.eff.org/ CertBot instructions] | ||
+ | *** [https://certbot.eff.org/docs/using.html CertBot User Guide] | ||
+ | * [https://crt.sh/ domain listing] | ||
+ | ** e.g. [https://crt.sh/?q=htyp.org htyp.org] | ||
+ | ===Files=== | ||
+ | * <code>/etc/letsencrypt/</code> | ||
+ | ** +<code>archive/</code> - contains one folder per domain | ||
+ | *** +<code>{{arg|domain folder}}/</code> -- folder names are arbitrary, specified in <code>renewal/</code> files | ||
+ | ** +<code>live/</code> | ||
+ | *** +<code>{{arg|domain name}}</code> - contains links to the current files | ||
+ | ** +<code>renewal/</code> - contains configurations to load (equivalent to <code>sites-enabled/</code> in Apache/Nginx) | ||
+ | |||
+ | I'm guessing that LE adds a new fileset to <code>archive/{{arg|domain folder}}/</code> for each renewal, and updates the links in <code>live/{{arg|domain name}}</code>. | ||
+ | |||
+ | ==Errors== | ||
+ | * <code>Error requesting challenges: Error creating new authz :: Validations for new domains are disabled in the V1 API</code> | ||
+ | ** This is because of the [https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 End of Life Plan for ACMEv1] | ||
+ | ** If you've been using Let's Encrypt via [[VirtualMin]], you may have to actually install CertBot (apparently VirtualMin has its own method of handling renewals but will use CertBot if it is installed) - instructions [https://www.virtualmin.com/node/67390 here], but basically: | ||
+ | *** <code>apt install socat certbot</code> | ||
+ | *** <code>certbot register</code> | ||
+ | ==Links== | ||
+ | * [https://crt.sh/?q=htyp.org certificate lookup]: replace <code>htyp.org</code> with any domain. Use %domain for wildcard matches. |
Latest revision as of 01:28, 26 November 2022
This page is a seed article. You can help HTYP water it: make a request to expand a given page and/or donate to help give us more writing-hours!
|
Related
- Secure Sockets Layer
- commands:
- letsencrypt: setup utility (I think)
- certbot: manages certificates
- openssl
Notes
Files
/etc/letsencrypt/
- +
archive/
- contains one folder per domain- +
<domain folder>/
-- folder names are arbitrary, specified inrenewal/
files
- +
- +
live/
- +
<domain name>
- contains links to the current files
- +
- +
renewal/
- contains configurations to load (equivalent tosites-enabled/
in Apache/Nginx)
- +
I'm guessing that LE adds a new fileset to archive/<domain folder>/
for each renewal, and updates the links in live/<domain name>
.
Errors
Error requesting challenges: Error creating new authz :: Validations for new domains are disabled in the V1 API
- This is because of the End of Life Plan for ACMEv1
- If you've been using Let's Encrypt via VirtualMin, you may have to actually install CertBot (apparently VirtualMin has its own method of handling renewals but will use CertBot if it is installed) - instructions here, but basically:
apt install socat certbot
certbot register
Links
- certificate lookup: replace
htyp.org
with any domain. Use %domain for wildcard matches.