Jump to content

Certbot: Difference between revisions

Certbot (view source)

Revision as of 15:47, 12 September 2022

277 bytes removed ,  12 September 2022
Add infos about read permissions for acme group
VisualWikitext
imported>Onny
(Add module agreeTerms option)
imported>Onny
(Add infos about read permissions for acme group)
Line 17: Line 17:
It is possible to use several different methods to generate and configure certificates. Verification is done manually, via web servers or DNS records. Not all methods are covered here, for more information please consult the [https://eff-certbot.readthedocs.io/en/stable/ upstream documentation].
It is possible to use several different methods to generate and configure certificates. Verification is done manually, via web servers or DNS records. Not all methods are covered here, for more information please consult the [https://eff-certbot.readthedocs.io/en/stable/ upstream documentation].
   
   
Generated certificates and keys by using the commands below will be stored as <code>/etc/letsencrypt/live/example.org/fullchain.pem</code> and <code>/etc/letsencrypt/live/example.org/privkey.pem</code>.
Generated certificates and keys by using the commands below will be stored as <code>/etc/letsencrypt/live/example.org/fullchain.pem</code> and <code>/etc/letsencrypt/live/example.org/privkey.pem</code>, readable by the <code>acme</code> group.
 
To make the keys readable by a third party user or application, you could set custom ACL permissions. In this example we grant the user <code>maddy</code> read permissions for the certificate folder:
 
<syntaxhighlight lang="console">
# sudo setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}
</syntaxhighlight>


=== Manual DNS challenge ===
=== Manual DNS challenge ===
Anonymous user
Retrieved from "https://wiki.nixos.org/wiki/Special:MobileDiff/10090"