SSL Certificate of Let's Encrypt and autoodnawianie!
Anyone who is interested, uses or use an encrypted connection for your web site / application - knows what it is, zorientownych for less - it is a novelty on the market, Let's Encrypt zostałstworzony, to give you a free SSL 10 SSL certificates within a single domain for FREE 3 months.
By providing the authors of the project, renewal of certificates can be automated, thus, in principle, you can forget about every-3-month renewal manual.
You need to install the package "git" and several libraries "python'owych".
We will show how to install SSL Let's Encrypta on Debian 8 / Debian 7 / and a web server nginx 1.8.1 / 1.9.14
Updating and installing Gita
1 2 3 | apt-get update apt-get upgrade apt-get install git -y |
Grab the latest parcel Let's Encrypta
1 | git clone https://github.com/letsencrypt/letsencrypt |
Generating a certificate for existing sites
1 | sh /root/letsencrypt/letsencrypt-auto certonly --webroot --webroot-path /var/www --domains strona.pl,www.strona.pl --agree-tos --email admin@strona.pl |
–webroot –webroot-path / var / www – this is the path where the files of our website.
–domains strona.pl,www.strona.pl – The name of the page for which you want to generate Certificate.
–email admin@strona.pl our e-mail domain.
setting autoodnowienia:
1 | sudo crontab -u root -l; echo "0 0 1 * * sh /root/letsencrypt/letsencrypt-auto renew >> /dev/null && service nginx restart >> /dev/null") | crontab -u root - |
The command will be executed by cron every month q1 to ensure business continuity and renewal certificate.
Below configuration vhost:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | server { listen 443 ssl; server_name strona.pl www.strona.pl; ssl on; ssl_certificate /etc/letsencrypt/live/strona.pl/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/strona.pl/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/strona.pl/chain.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=86400; resolver_timeout 10; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"; ### DALSZA CZĘŚĆ KONFIGURACJI ### } |
Welcome
The question is how to remove this certificate from your domain?
The quickest way to do this is to simply turn off a given vhost.