Difference between revisions of "Let's Encrypt"

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
==Related==
 
==Related==
 
* [[Secure Sockets Layer]]
 
* [[Secure Sockets Layer]]
* [[openssl]]
+
* '''commands''':
 +
** {{l/cmd|letsencrypt}}: setup utility (I think)
 +
** {{l/cmd|certbot}}: manages certificates
 +
** {{l/cmd|openssl}}
 
==Notes==
 
==Notes==
 
* [https://letsencrypt.org/ official site]
 
* [https://letsencrypt.org/ official site]
 
** [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf subscriber agreement] (PDF)
 
** [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf subscriber agreement] (PDF)
 
** [https://certbot.eff.org/ CertBot instructions]
 
** [https://certbot.eff.org/ CertBot instructions]
 +
*** [https://certbot.eff.org/docs/using.html CertBot User Guide]
 +
* [https://crt.sh/ domain listing]
 +
** e.g. [https://crt.sh/?q=htyp.org htyp.org]
 +
===Files===
 +
* <code>/etc/letsencrypt/</code>
 +
** +<code>archive/</code> - contains one folder per domain
 +
*** +<code>{{arg|domain folder}}/</code> -- folder names are arbitrary, specified in <code>renewal/</code> files
 +
** +<code>live/</code>
 +
*** +<code>{{arg|domain name}}</code> - contains links to the current files
 +
** +<code>renewal/</code> - contains configurations to load (equivalent to <code>sites-enabled/</code> in Apache/Nginx)
 +
 +
I'm guessing that LE adds a new fileset to <code>archive/{{arg|domain folder}}/</code> for each renewal, and updates the links in <code>live/{{arg|domain name}}</code>.
 +
 +
==Errors==
 +
* <code>Error requesting challenges: Error creating new authz :: Validations for new domains are disabled in the V1 API</code>
 +
** This is because of the [https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 End of Life Plan for ACMEv1]
 +
** If you've been using Let's Encrypt via [[VirtualMin]], you may have to actually install CertBot (apparently VirtualMin has its own method of handling renewals but will use CertBot if it is installed) - instructions [https://www.virtualmin.com/node/67390 here], but basically:
 +
*** <code>apt install socat certbot</code>
 +
*** <code>certbot register</code>
 +
==Links==
 +
* [https://crt.sh/?q=htyp.org certificate lookup]: replace <code>htyp.org</code> with any domain. Use %domain for wildcard matches.

Latest revision as of 01:28, 26 November 2022

This page is a seed article. You can help HTYP water it: make a request to expand a given page and/or donate to help give us more writing-hours!

Related

Notes

Files

  • /etc/letsencrypt/
    • +archive/ - contains one folder per domain
      • +<domain folder>/ -- folder names are arbitrary, specified in renewal/ files
    • +live/
      • +<domain name> - contains links to the current files
    • +renewal/ - contains configurations to load (equivalent to sites-enabled/ in Apache/Nginx)

I'm guessing that LE adds a new fileset to archive/<domain folder>/ for each renewal, and updates the links in live/<domain name>.

Errors

  • Error requesting challenges: Error creating new authz :: Validations for new domains are disabled in the V1 API
    • This is because of the End of Life Plan for ACMEv1
    • If you've been using Let's Encrypt via VirtualMin, you may have to actually install CertBot (apparently VirtualMin has its own method of handling renewals but will use CertBot if it is installed) - instructions here, but basically:
      • apt install socat certbot
      • certbot register

Links