Letsencrypt Howto

From Cactus Howto

This applies to Apache2 web servers running on Debian and Ubuntu.

Source: https://letsencrypt.org/getting-started/

Note: letsencrypt is docker-based.

The following commands are executed as root.

  • install git (necessary for downloading letsencrypt)
apt-get install git
  • optional: set proxy for https access to github:
export https_proxy=http://proxy:3128
  • download letsencrypt from github:
git clone https://github.com/letsencrypt/letsencrypt
  • setup the docker environment and display synopsis:
cd letsencrypt
./letsencrypt-auto --help
  • let letsencrypt modify the apache2 config (this will open an interactive menu allowing you to choose from various options as detailed below)
./letsencrypt-auto --apache
  • menu options
Which names would you like to activate HTTPS for?
  servername1.cactus.de  
  servername2.cactus.de  
  servername3.cactus.de  
Enter email address (used for urgent notices and lost key recovery)
  webmeister@cactus.de
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. 
You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory.
Please choose whether HTTPS access is required or optional.
  Easy    Allow both HTTP and HTTPS access to these sites
  Secure  Make all requests redirect to secure HTTPS access 
  • Full protocol (terminal log of the session)
howto:/etc/apache2# aptitude install git
The following NEW packages will be installed:
  git git-man{a} liberror-perl{a} rsync{a} 
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,030 kB of archives. After unpacking 26.5 MB will be used.
Do you want to continue? [Y/n/?] 
Get: 1 http://ftp.de.debian.org/debian/ jessie/main liberror-perl all 0.17-1.1 [22.4 kB]
Get: 2 http://ftp.de.debian.org/debian-security/ jessie/updates/main git-man all 1:2.1.4-2.1+deb8u2 [1,267 kB]
Get: 3 http://ftp.de.debian.org/debian-security/ jessie/updates/main git i386 1:2.1.4-2.1+deb8u2 [3,342 kB]
Get: 4 http://ftp.de.debian.org/debian/ jessie/main rsync i386 3.1.1-3 [399 kB]
Fetched 5,030 kB in 6s (748 kB/s)                                               
Selecting previously unselected package liberror-perl.
(Reading database ... 66486 files and directories currently installed.)
Preparing to unpack .../liberror-perl_0.17-1.1_all.deb ...
Unpacking liberror-perl (0.17-1.1) ...
Selecting previously unselected package git-man.
Preparing to unpack .../git-man_1%3a2.1.4-2.1+deb8u2_all.deb ...
Unpacking git-man (1:2.1.4-2.1+deb8u2) ...
Selecting previously unselected package git.
Preparing to unpack .../git_1%3a2.1.4-2.1+deb8u2_i386.deb ...
Unpacking git (1:2.1.4-2.1+deb8u2) ...
Selecting previously unselected package rsync.
Preparing to unpack .../rsync_3.1.1-3_i386.deb ...
Unpacking rsync (3.1.1-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u3) ...
Setting up liberror-perl (0.17-1.1) ...
Setting up git-man (1:2.1.4-2.1+deb8u2) ...
Setting up git (1:2.1.4-2.1+deb8u2) ...
Setting up rsync (3.1.1-3) ...
Processing triggers for systemd (215-17+deb8u3) ...
howto:/etc/apache2# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 33273, done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 33273 (delta 13), reused 0 (delta 0), pack-reused 33242
Receiving objects: 100% (33273/33273), 8.73 MiB | 1.13 MiB/s, done.
Resolving deltas: 100% (23621/23621), done.
Checking connectivity... done.
howto:/usr/local/letsencrypt# ./letsencrypt-auto --help
Bootstrapping dependencies for Debian-based OSes...
Ign http://ftp.de.debian.org jessie InRelease
Hit http://ftp.de.debian.org jessie-updates InRelease
Hit http://ftp.de.debian.org jessie/updates InRelease
Hit http://ftp.de.debian.org jessie Release.gpg                            
Get:1 http://ftp.de.debian.org jessie-updates/main i386 Packages/DiffIndex [1,012 B]
Hit http://ftp.de.debian.org jessie-updates/contrib i386 Packages
Get:2 http://ftp.de.debian.org jessie-updates/non-free i386 Packages/DiffIndex [736 B]
Hit http://ftp.de.debian.org jessie-updates/contrib Translation-en
Get:3 http://ftp.de.debian.org jessie-updates/main Translation-en/DiffIndex [736 B]
Get:4 http://ftp.de.debian.org jessie-updates/non-free Translation-en/DiffIndex [736 B]
Hit http://ftp.de.debian.org jessie Release         
Hit http://ftp.de.debian.org jessie/updates/main i386 Packages
Hit http://ftp.de.debian.org jessie/updates/contrib i386 Packages
Hit http://ftp.de.debian.org jessie/updates/non-free i386 Packages      
Hit http://ftp.de.debian.org jessie/updates/contrib Translation-en
Hit http://ftp.de.debian.org jessie/updates/main Translation-en
Hit http://ftp.de.debian.org jessie/updates/non-free Translation-en
Hit http://ftp.de.debian.org jessie/main Sources
Hit http://ftp.de.debian.org jessie/contrib Sources               
Hit http://ftp.de.debian.org jessie/non-free Sources              
Hit http://ftp.de.debian.org jessie/main i386 Packages
Hit http://ftp.de.debian.org jessie/contrib i386 Packages
Hit http://ftp.de.debian.org jessie/non-free i386 Packages
Hit http://ftp.de.debian.org jessie/contrib Translation-en
Hit http://ftp.de.debian.org jessie/main Translation-en
Hit http://ftp.de.debian.org jessie/non-free Translation-en
Fetched 3,220 B in 5s (561 B/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
ca-certificates is already the newest version.
gcc is already the newest version.
python is already the newest version.
The following extra packages will be installed:
  dh-python libexpat1-dev libmpdec2 libpython-dev libpython2.7-dev libpython3-stdlib libpython3.4-minimal libpython3.4-stdlib python-chardet-whl
  python-colorama-whl python-distlib-whl python-html5lib-whl python-pip-whl python-requests-whl python-setuptools-whl python-six-whl python-urllib3-whl
  python2.7-dev python3 python3-minimal python3-pkg-resources python3-virtualenv python3.4 python3.4-minimal zlib1g-dev
Suggested packages:
  augeas-doc augeas-tools python3-doc python3-tk python3-venv python3-setuptools python3.4-venv python3.4-doc binfmt-support
Recommended packages:
  libssl-doc
The following NEW packages will be installed:
  augeas-lenses dh-python dialog libaugeas0 libexpat1-dev libffi-dev libmpdec2 libpython-dev libpython2.7-dev libpython3-stdlib libpython3.4-minimal
  libpython3.4-stdlib libssl-dev python-chardet-whl python-colorama-whl python-dev python-distlib-whl python-html5lib-whl python-pip-whl python-requests-whl
  python-setuptools-whl python-six-whl python-urllib3-whl python-virtualenv python2.7-dev python3 python3-minimal python3-pkg-resources python3-virtualenv
  python3.4 python3.4-minimal virtualenv zlib1g-dev
0 upgraded, 33 newly installed, 0 to remove and 0 not upgraded.
Need to get 27.3 MB of archives.
After this operation, 57.5 MB of additional disk space will be used.
Get:1 http://ftp.de.debian.org/debian/ jessie/main libmpdec2 i386 2.4.1-1 [82.6 kB]
Get:2 http://ftp.de.debian.org/debian/ jessie/main libexpat1-dev i386 2.1.0-6+deb8u1 [126 kB]
Get:3 http://ftp.de.debian.org/debian/ jessie/main libpython2.7-dev i386 2.7.9-2 [18.4 MB]
Get:4 http://ftp.de.debian.org/debian/ jessie/main libpython3.4-minimal i386 3.4.2-1 [492 kB]                                                                 
Get:5 http://ftp.de.debian.org/debian/ jessie/main libpython3.4-stdlib i386 3.4.2-1 [2,092 kB]                                                                
Get:6 http://ftp.de.debian.org/debian/ jessie/main python3.4-minimal i386 3.4.2-1 [1,641 kB]                                                                  
Get:7 http://ftp.de.debian.org/debian/ jessie/main augeas-lenses all 1.2.0-0.2+deb8u1 [335 kB]                                                                
Get:8 http://ftp.de.debian.org/debian/ jessie/main python3.4 i386 3.4.2-1 [204 kB]                                                                            
Get:9 http://ftp.de.debian.org/debian/ jessie/main python3-minimal i386 3.4.2-2 [34.4 kB]                                                                     
Get:10 http://ftp.de.debian.org/debian/ jessie/main libpython3-stdlib i386 3.4.2-2 [18.1 kB]                                                                  
Get:11 http://ftp.de.debian.org/debian/ jessie/main python3 i386 3.4.2-2 [21.1 kB]                                                                            
Get:12 http://ftp.de.debian.org/debian/ jessie/main dh-python all 1.20141111-2 [66.4 kB]                                                                      
Get:13 http://ftp.de.debian.org/debian/ jessie/main dialog i386 1.2-20140911-1 [264 kB]                                                                       
Get:14 http://ftp.de.debian.org/debian/ jessie/main libaugeas0 i386 1.2.0-0.2+deb8u1 [268 kB]                                                                 
Get:15 http://ftp.de.debian.org/debian/ jessie/main libffi-dev i386 3.1-2+b2 [156 kB]                                                                         
Get:16 http://ftp.de.debian.org/debian/ jessie/main libpython-dev i386 2.7.9-1 [19.6 kB]                                                                      
Get:17 http://ftp.de.debian.org/debian/ jessie/main zlib1g-dev i386 1:1.2.8.dfsg-2+b1 [205 kB]                                                                
Get:18 http://ftp.de.debian.org/debian-security/ jessie/updates/main libssl-dev i386 1.0.1k-3+deb8u4 [1,250 kB]                                               
Get:19 http://ftp.de.debian.org/debian/ jessie/main python3-pkg-resources all 5.5.1-1 [34.2 kB]                                                               
Get:20 http://ftp.de.debian.org/debian/ jessie/main python-chardet-whl all 2.3.0-1 [170 kB]                                                                   
Get:21 http://ftp.de.debian.org/debian/ jessie/main python-colorama-whl all 0.3.2-1 [20.2 kB]                                                                 
Get:22 http://ftp.de.debian.org/debian/ jessie/main python2.7-dev i386 2.7.9-2 [278 kB]                                                                       
Get:23 http://ftp.de.debian.org/debian/ jessie/main python-dev i386 2.7.9-1 [1,178 B]                                                                         
Get:24 http://ftp.de.debian.org/debian/ jessie/main python-distlib-whl all 0.1.9-1 [141 kB]                                                                   
Get:25 http://ftp.de.debian.org/debian/ jessie/main python-html5lib-whl all 0.999-3 [112 kB]                                                                  
Get:26 http://ftp.de.debian.org/debian/ jessie/main python-six-whl all 1.8.0-1 [14.8 kB]                                                                      
Get:27 http://ftp.de.debian.org/debian/ jessie/main python-urllib3-whl all 1.9.1-3 [76.8 kB]                                                                  
Get:28 http://ftp.de.debian.org/debian/ jessie/main python-requests-whl all 2.4.3-6 [241 kB]                                                                  
Get:29 http://ftp.de.debian.org/debian/ jessie/main python-setuptools-whl all 5.5.1-1 [233 kB]                                                                
Get:30 http://ftp.de.debian.org/debian/ jessie/main python-pip-whl all 1.5.6-5 [126 kB]                                                                       
Get:31 http://ftp.de.debian.org/debian/ jessie/main python-virtualenv all 1.11.6+ds-1 [61.2 kB]                                                               
Get:32 http://ftp.de.debian.org/debian/ jessie/main python3-virtualenv all 1.11.6+ds-1 [60.5 kB]                                                              
Get:33 http://ftp.de.debian.org/debian/ jessie/main virtualenv all 1.11.6+ds-1 [17.2 kB]                                                                      
Fetched 27.3 MB in 31s (868 kB/s)                                                                                                                             
Extracting templates from packages: 100%
Selecting previously unselected package libmpdec2:i386.
(Reading database ... 67290 files and directories currently installed.)
Preparing to unpack .../libmpdec2_2.4.1-1_i386.deb ...
Unpacking libmpdec2:i386 (2.4.1-1) ...
Selecting previously unselected package libexpat1-dev:i386.
Preparing to unpack .../libexpat1-dev_2.1.0-6+deb8u1_i386.deb ...
Unpacking libexpat1-dev:i386 (2.1.0-6+deb8u1) ...
Selecting previously unselected package libpython2.7-dev:i386.
Preparing to unpack .../libpython2.7-dev_2.7.9-2_i386.deb ...
Unpacking libpython2.7-dev:i386 (2.7.9-2) ...
Selecting previously unselected package libpython3.4-minimal:i386.
Preparing to unpack .../libpython3.4-minimal_3.4.2-1_i386.deb ...
Unpacking libpython3.4-minimal:i386 (3.4.2-1) ...
Selecting previously unselected package libpython3.4-stdlib:i386.
Preparing to unpack .../libpython3.4-stdlib_3.4.2-1_i386.deb ...
Unpacking libpython3.4-stdlib:i386 (3.4.2-1) ...
Selecting previously unselected package python3.4-minimal.
Preparing to unpack .../python3.4-minimal_3.4.2-1_i386.deb ...
Unpacking python3.4-minimal (3.4.2-1) ...
Selecting previously unselected package augeas-lenses.
Preparing to unpack .../augeas-lenses_1.2.0-0.2+deb8u1_all.deb ...
Unpacking augeas-lenses (1.2.0-0.2+deb8u1) ...
Selecting previously unselected package python3.4.
Preparing to unpack .../python3.4_3.4.2-1_i386.deb ...
Unpacking python3.4 (3.4.2-1) ...
Selecting previously unselected package python3-minimal.
Preparing to unpack .../python3-minimal_3.4.2-2_i386.deb ...
Unpacking python3-minimal (3.4.2-2) ...
Selecting previously unselected package libpython3-stdlib:i386.
Preparing to unpack .../libpython3-stdlib_3.4.2-2_i386.deb ...
Unpacking libpython3-stdlib:i386 (3.4.2-2) ...
Selecting previously unselected package python3.
Preparing to unpack .../python3_3.4.2-2_i386.deb ...
Unpacking python3 (3.4.2-2) ...
Selecting previously unselected package dh-python.
Preparing to unpack .../dh-python_1.20141111-2_all.deb ...
Unpacking dh-python (1.20141111-2) ...
Selecting previously unselected package dialog.
Preparing to unpack .../dialog_1.2-20140911-1_i386.deb ...
Unpacking dialog (1.2-20140911-1) ...
Selecting previously unselected package libaugeas0.
Preparing to unpack .../libaugeas0_1.2.0-0.2+deb8u1_i386.deb ...
Unpacking libaugeas0 (1.2.0-0.2+deb8u1) ...
Selecting previously unselected package libffi-dev:i386.
Preparing to unpack .../libffi-dev_3.1-2+b2_i386.deb ...
Unpacking libffi-dev:i386 (3.1-2+b2) ...
Selecting previously unselected package libpython-dev:i386.
Preparing to unpack .../libpython-dev_2.7.9-1_i386.deb ...
Unpacking libpython-dev:i386 (2.7.9-1) ...
Selecting previously unselected package zlib1g-dev:i386.
Preparing to unpack .../zlib1g-dev_1%3a1.2.8.dfsg-2+b1_i386.deb ...
Unpacking zlib1g-dev:i386 (1:1.2.8.dfsg-2+b1) ...
Selecting previously unselected package libssl-dev:i386.
Preparing to unpack .../libssl-dev_1.0.1k-3+deb8u4_i386.deb ...
Unpacking libssl-dev:i386 (1.0.1k-3+deb8u4) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../python3-pkg-resources_5.5.1-1_all.deb ...
Unpacking python3-pkg-resources (5.5.1-1) ...
Selecting previously unselected package python-chardet-whl.
Preparing to unpack .../python-chardet-whl_2.3.0-1_all.deb ...
Unpacking python-chardet-whl (2.3.0-1) ...
Selecting previously unselected package python-colorama-whl.
Preparing to unpack .../python-colorama-whl_0.3.2-1_all.deb ...
Unpacking python-colorama-whl (0.3.2-1) ...
Selecting previously unselected package python2.7-dev.
Preparing to unpack .../python2.7-dev_2.7.9-2_i386.deb ...
Unpacking python2.7-dev (2.7.9-2) ...
Selecting previously unselected package python-dev.
Preparing to unpack .../python-dev_2.7.9-1_i386.deb ...
Unpacking python-dev (2.7.9-1) ...
Selecting previously unselected package python-distlib-whl.
Preparing to unpack .../python-distlib-whl_0.1.9-1_all.deb ...
Unpacking python-distlib-whl (0.1.9-1) ...
Selecting previously unselected package python-html5lib-whl.
Preparing to unpack .../python-html5lib-whl_0.999-3_all.deb ...
Unpacking python-html5lib-whl (0.999-3) ...
Selecting previously unselected package python-six-whl.
Preparing to unpack .../python-six-whl_1.8.0-1_all.deb ...
Unpacking python-six-whl (1.8.0-1) ...
Selecting previously unselected package python-urllib3-whl.
Preparing to unpack .../python-urllib3-whl_1.9.1-3_all.deb ...
Unpacking python-urllib3-whl (1.9.1-3) ...
Selecting previously unselected package python-requests-whl.
Preparing to unpack .../python-requests-whl_2.4.3-6_all.deb ...
Unpacking python-requests-whl (2.4.3-6) ...
Selecting previously unselected package python-setuptools-whl.
Preparing to unpack .../python-setuptools-whl_5.5.1-1_all.deb ...
Unpacking python-setuptools-whl (5.5.1-1) ...
Selecting previously unselected package python-pip-whl.
Preparing to unpack .../python-pip-whl_1.5.6-5_all.deb ...
Unpacking python-pip-whl (1.5.6-5) ...
Selecting previously unselected package python-virtualenv.
Preparing to unpack .../python-virtualenv_1.11.6+ds-1_all.deb ...
Unpacking python-virtualenv (1.11.6+ds-1) ...
Selecting previously unselected package python3-virtualenv.
Preparing to unpack .../python3-virtualenv_1.11.6+ds-1_all.deb ...
Unpacking python3-virtualenv (1.11.6+ds-1) ...
Selecting previously unselected package virtualenv.
Preparing to unpack .../virtualenv_1.11.6+ds-1_all.deb ...
Unpacking virtualenv (1.11.6+ds-1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for mime-support (3.58) ...
Processing triggers for install-info (5.2.0.dfsg.1-6) ...
Setting up libmpdec2:i386 (2.4.1-1) ...
Setting up libexpat1-dev:i386 (2.1.0-6+deb8u1) ...
Setting up libpython2.7-dev:i386 (2.7.9-2) ...
Setting up libpython3.4-minimal:i386 (3.4.2-1) ...
Setting up libpython3.4-stdlib:i386 (3.4.2-1) ...
Setting up python3.4-minimal (3.4.2-1) ...
Setting up augeas-lenses (1.2.0-0.2+deb8u1) ...
Setting up python3.4 (3.4.2-1) ...
Setting up python3-minimal (3.4.2-2) ...
Setting up libpython3-stdlib:i386 (3.4.2-2) ...
Setting up dialog (1.2-20140911-1) ...
Setting up libaugeas0 (1.2.0-0.2+deb8u1) ...
Setting up libffi-dev:i386 (3.1-2+b2) ...
Setting up libpython-dev:i386 (2.7.9-1) ...
Setting up zlib1g-dev:i386 (1:1.2.8.dfsg-2+b1) ...
Setting up libssl-dev:i386 (1.0.1k-3+deb8u4) ...
Setting up python-colorama-whl (0.3.2-1) ...
Setting up python2.7-dev (2.7.9-2) ...
Setting up python-dev (2.7.9-1) ...
Setting up python-distlib-whl (0.1.9-1) ...
Setting up python-html5lib-whl (0.999-3) ...
Setting up python-six-whl (1.8.0-1) ...
Setting up python-urllib3-whl (1.9.1-3) ...
Setting up python-requests-whl (2.4.3-6) ...
Setting up python-setuptools-whl (5.5.1-1) ...
Setting up python3 (3.4.2-2) ...
running python rtupdate hooks for python3.4...
running python post-rtupdate hooks for python3.4...
Setting up dh-python (1.20141111-2) ...
Setting up python3-pkg-resources (5.5.1-1) ...
Setting up python-chardet-whl (2.3.0-1) ...
Setting up python-pip-whl (1.5.6-5) ...
Setting up python-virtualenv (1.11.6+ds-1) ...
Setting up python3-virtualenv (1.11.6+ds-1) ...
Setting up virtualenv (1.11.6+ds-1) ...
Processing triggers for libc-bin (2.19-18+deb8u3) ...
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
   /root/.local/share/letsencrypt/bin/letsencrypt --help

  letsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates.  By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, nginx, apache, standalone, webroot, etc)

howto:/usr/local/letsencrypt#
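
The last menu choice decides whether port 80 keeps serving content (Easy) or only redirects to HTTPS (Secure). The following script is an added example, not part of the original howto or of letsencrypt itself: it reports which of the two is in effect for each port-80 VirtualHost. The sample configuration is constructed, and the script assumes the redirect appears as a Redirect or RewriteRule directive with an https:// target.

```shell
#!/bin/sh
# Added example (not from the original howto): classify every port-80
# VirtualHost as "easy" (plain HTTP still served) or "secure" (redirected
# to HTTPS). Assumption: the redirect is a Redirect*/RewriteRule directive
# whose line contains an https:// target.

# audit_vhosts [FILE...]  (reads stdin when no file is given)
# Prints one line per *:80 vhost: "<ServerName> <easy|secure>"
audit_vhosts() {
    awk '
        $1 ~ /^#/ { next }                    # commented-out directives do not count
        tolower($1) == "<virtualhost" {       # start of a vhost block
            in80 = ($0 ~ /:80[ >]/)           # matches *:80, not *:8080 or *:443
            name = "(unnamed)"; redir = 0
            next
        }
        in80 && tolower($1) == "servername" { name = $2 }
        in80 && tolower($1) ~ /^(redirect|rewriterule)/ && $0 ~ /https:\/\// { redir = 1 }
        tolower($1) == "</virtualhost>" {     # end of block: report port-80 vhosts only
            if (in80) print name, (redir ? "secure" : "easy")
            in80 = 0
        }
    ' "$@"
}

# plain_http_names [FILE...]: only the names that still answer over plain HTTP
plain_http_names() {
    audit_vhosts "$@" | awk '$2 == "easy" { print $1 }'
}

# Constructed sample configuration (server names taken from the menu above,
# paths and directives made up for the example).
sample_config() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName servername1.cactus.de
    DocumentRoot /var/www/site1
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerName servername2.cactus.de
    DocumentRoot /var/www/site2
    # Redirect permanent / https://servername2.cactus.de/
</VirtualHost>
<VirtualHost *:443>
    ServerName servername1.cactus.de
    SSLEngine on
</VirtualHost>
EOF
}

# Run the audit on the sample; the commented-out Redirect leaves site2 "easy".
sample_config | audit_vhosts
```

On a Debian or Ubuntu host the same function can be pointed at the live configuration, for example `audit_vhosts /etc/apache2/sites-enabled/*.conf`.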