Certbot
From SchnallIchNet
Revision as of 26 March 2020, 08:20 by Cbs (page newly created)
CREATE
create new cert by webroot
certbot certonly -c /etc/letsencrypt/cli.ini --webroot -w /var/www/<DOMAIN>/www -d www.<DOMAIN>.de -d <DOMAIN>.de -d yadda.<DOMAIN>.de
You can add as many '-d foo.<DOMAIN>.de' entries as you need - as long as they all use the same document root on the webserver.
You can also add a second document root with its own domains: '-w /path/to/docRoot/ -d <DOMAIN>.eu -d www.<DOMAIN>.eu -d ...'
create cert by DNS challenges
This method is required e.g. for wildcard certificates:
certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns -d '*.<DOMAIN>.tld'
During that process 'certbot' will print out the secure challenge and will wait for you to set up your DNS
before checking that the DNS RR is present.
Set the following DNS TXT RR:
_acme-challenge IN TXT "<SecureChallenge>"
and make sure it's replicated to all slaves.
Now press enter on the waiting certbot shell to move forward.
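One way to confirm replication before pressing Enter, as an added example that is not part of the original page: it asks every authoritative nameserver of the zone for the TXT record and reports any that do not yet serve the challenge. It assumes `dig` is installed; the function names and the `DIG` override variable are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: check-acme.sh <zone> <SecureChallenge>
# Assumption: dig is installed. DIG is a hypothetical override variable
# so a different resolver command can be substituted.
DIG="${DIG:-dig}"

# txt_on_server NAME SERVER
# Prints the TXT values SERVER returns for NAME, one per line, quotes removed.
txt_on_server() {
    "$DIG" +short TXT "$1" "@$2" | tr -d '"'
}

# challenge_replicated ZONE TOKEN
# Returns 0 only if every NS of ZONE serves TOKEN at _acme-challenge.ZONE,
# 1 if at least one nameserver lacks it, 2 if no NS records were found.
challenge_replicated() {
    cr_zone="$1"
    cr_token="$2"
    cr_missing=0
    cr_servers="$("$DIG" +short NS "$cr_zone")"
    if [ -z "$cr_servers" ]; then
        echo "no NS records found for $cr_zone" >&2
        return 2
    fi
    for cr_ns in $cr_servers; do
        # -F: literal match, -x: whole line, --: tokens may start with '-'.
        # Several TXT values may coexist (wildcard plus base name), so any
        # matching line counts.
        if txt_on_server "_acme-challenge.$cr_zone" "$cr_ns" \
                | grep -Fxq -- "$cr_token"; then
            echo "ok      $cr_ns"
        else
            echo "MISSING $cr_ns"
            cr_missing=1
        fi
    done
    return "$cr_missing"
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    challenge_replicated "$1" "$2"
fi
```

A non-zero exit status means at least one nameserver does not yet serve the challenge, so certbot's check would be premature.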
RENEW
Easy as that:
certbot renew
REVOKE
revoke by cert-path
certbot revoke --cert-path /etc/letsencrypt/live/<DOMAIN>/cert.pem