summaryrefslogtreecommitdiff
path: root/system/letsencrypt/README.Slackware
diff options
context:
space:
mode:
Diffstat (limited to 'system/letsencrypt/README.Slackware')
-rw-r--r--system/letsencrypt/README.Slackware40
1 files changed, 25 insertions, 15 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
index 4a2e7e15fd..97d34b4f5b 100644
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@@ -1,12 +1,12 @@
-PLUGIN SUPPORT
+PLUGINS SUPPORT
letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
-However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now
-and nginx is still considered very experimental.
+However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way
+as it doesn't require the webserver to be taken offline causing downtime during validation.
-OBTAINING CERTIFICATE USING STANDALONE PLUGIN
-Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly"
-as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin.
+All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf
+OBTAINING CERTIFICATE USING STANDALONE PLUGIN
Here's what i use to create a certificate using port 443 for domain validation
certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
@@ -16,23 +16,33 @@ If you want to use port 80 for domain validation, replace
with
--preferred-challenges http-01
+Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains.
+Just run letsencrypt or certbot and you will see all domains are available.
+
NOTE:
You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
temporarily stop your exising webserver)
-All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
-Once certificate is created, you need to enable and configure httpd-ssl.conf
+OBTAINING CERTIFICATE USING APACHE PLUGIN
+Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware.
+
+Here's what i use to create a certificate using port 443 for domain validation
+certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
+--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text
RENEWAL PROCESS
-Best way is to use a simple bash script that perform following actions:
-- turn off httpd service
-- give some delay (2s is enough)
-- run the above command to renew automatically
-- start httpd service
+Best way to automate the certificate renewal is by using cron service.
+Create a bash script in /etc/cron.d/monthly that does the following actions (depending on which plugin you used):
+Standalone: - turn off httpd service
+ - give some delay (2s is enough)
+ - run the same command generate the certificate to renew automatically
+ - start httpd service
+Apache Plugin: run the same command to generate the certificate to renew automatically
RATE LIMIT
Rate limit on registrations per IP is now 500 per 3 hours.
Rate limit on certificates per Domain is now 20 per 7 days.
+See complete documentation here: https://letsencrypt.org/docs/rate-limits/
CONFIGURATION FILES
@@ -56,8 +66,8 @@ rsa-key-size = 4096
# Uncomment to use a text interface instead of ncurses
# text = True
-# Uncomment to use the standalone authenticator on port 443
-# authenticator = standalone
+# Uncomment to use the standalone or apache authenticator on port 443
+# authenticator = standalone / apache
# preferred-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the