Https inschakelen op je website(s) met EFF’s Certbot 1


InstallHTTPS-OVPC-Certbot

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn’t yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the “webroot” plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the “webroot” plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly –webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
Note:

To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly –standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew –dry-run

More detailed information and options about renewal can be found in the full documentation.

How to  Manage certificates


One thought on “Https inschakelen op je website(s) met EFF’s Certbot

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *

Deze website gebruikt Akismet om spam te verminderen. Bekijk hoe je reactie-gegevens worden verwerkt.