Certbot: Difference between revisions
imported>Onny Add module agreeTerms option |
→DNS challenge using a plugin: Use current channel for search.nixos.org link Tags: Mobile edit Mobile web edit Advanced mobile edit |
||
| (8 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
[https://github.com/certbot/certbot Certbot] is [https://www.eff.org/ Electronic Frontier Foundation]'s [[ACME]] client, which is written in Python and provides conveniences like automatic web server configuration and a built-in webserver for the HTTP challenge. Certbot is recommended by [https://letsencrypt.org/ Let's Encrypt]. | [https://github.com/certbot/certbot Certbot] is [https://www.eff.org/ Electronic Frontier Foundation]'s [[ACME]] client, which is written in Python and provides conveniences like automatic web server configuration and a built-in webserver for the HTTP challenge. Certbot is recommended by [https://letsencrypt.org/ Let's Encrypt]. | ||
{{Note|It is recommended to use the the ACME service module, available through <code>security.acme</code>, instead of ''certbot''. Please consult the | {{Note|It is recommended to use the the ACME service module, available through <code>security.acme</code>, instead of ''certbot''. Please consult the [[ACME | ACME page]] on how to use it.}} | ||
== Installation == | == Installation == | ||
| Line 17: | Line 17: | ||
It is possible to use several different methods to generate and configure certificates. Verification is done manually, via web servers or DNS records. Not all methods are covered here, for more information please consult the [https://eff-certbot.readthedocs.io/en/stable/ upstream documentation]. | It is possible to use several different methods to generate and configure certificates. Verification is done manually, via web servers or DNS records. Not all methods are covered here, for more information please consult the [https://eff-certbot.readthedocs.io/en/stable/ upstream documentation]. | ||
Generated certificates and keys by using the commands below will be stored as <code>/etc/letsencrypt/live/example.org/fullchain.pem</code> and <code>/etc/letsencrypt/live/example.org/privkey.pem</code> | Generated certificates and keys by using the commands below will be stored as <code>/etc/letsencrypt/live/example.org/fullchain.pem</code> and <code>/etc/letsencrypt/live/example.org/privkey.pem</code>, readable by the <code>acme</code> group. | ||
=== Manual DNS challenge === | === Manual DNS challenge === | ||
| Line 35: | Line 29: | ||
=== DNS challenge using a plugin === | === DNS challenge using a plugin === | ||
Currently there are several ''certbot'' plugins [https://search.nixos.org/packages? | Currently there are several ''certbot'' plugins [https://search.nixos.org/packages?query=certbot-dns already packaged]. While the plugin usage should be similar for most of them, you should look up upstream documentation on how to use them. In this example we're going to configure and use [https://github.com/oGGy990/certbot-dns-inwx the plugin] for the hosting provider [https://www.inwx.com/en INWX]. | ||
{{warning|1=Do not use a plaintext password in production, this is for demonstration only}} | {{warning|1=Do not use a plaintext password in production, this is for demonstration only}} | ||
| Line 67: | Line 61: | ||
Now that a specific domain is configured to get renewed using the plugin, the ''systemd-timer'' of the ''certbot'' module will automatically renew it after expiration. | Now that a specific domain is configured to get renewed using the plugin, the ''systemd-timer'' of the ''certbot'' module will automatically renew it after expiration. | ||
[[Category:Server]] | |||
[[Category:Applications]] | |||