Last active November 6, 2018 04:37
Manual Letsencrypt Certbot
# Reference links
https://certbot.eff.org/
https://certbot.eff.org/docs/

# Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories, all you'll need to do is apt-get the following packages.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

# Command to generate (Option 1 - Selfhost, 2 - Manual verification)
$ sudo certbot certonly

# Location of the certificates (docker volume flag that mounts the host directory into the nginx container)
-v /etc/letsencrypt:/letsencrypt \

# Add to the nginx conf
ssl_certificate /letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /letsencrypt/live/example.com/fullchain.pem;

# Example conf file
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl http2;
    client_max_body_size 60M;
    server_name example.com;
    ssl_certificate /letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /letsencrypt/live/example.com/fullchain.pem;
    # TLSv1.1 is deprecated (RFC 8996); on a current nginx/OpenSSL use "TLSv1.2 TLSv1.3"
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
}

# Renew
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$ sudo certbot renew --dry-run

# Renewing manually
$ sudo certbot renew
$ certbot renew --standalone --preferred-challenges=http
# the tls-sni challenge type has since been retired by Let's Encrypt; use http instead
$ certbot renew --standalone --preferred-challenges=tls-sni
$ certbot renew --webroot-path /storage/nginx/certbot

----------------------------------------------------------------------------------------------------------------------
# MANUAL DOMAIN VERIFICATION MODE
----------------------------------------------------------------------------------------------------------------------
# Path inside the nginx container where .well-known will live
/etc/nginx/certbot
# Path on the host where .well-known will live
/storage/nginx/certbot
#
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
    # root /etc/nginx/certbot;
}
# Or
...
location /.well-known {
    alias /etc/nginx/certbot/.well-known;
}
# Caveat: a "return" at server scope runs before any location is matched, so it would
# redirect the challenge request as well; keep the redirect inside "location / { ... }"
# and put the /.well-known location next to it.
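The two configuration pitfalls above (a server-scope redirect that shadows the /.well-known location, and deprecated ssl_protocols values) can be caught before running certbot. The following checker is an added example, not code from the gist: it contains a minimal brace-aware nginx config parser and a constructed sample config in the gist's style; quoted semicolons and include directives are not handled.

```python
import re

# Constructed sample in the style of the gist's port-80 and port-443 servers.
SAMPLE_CONF = """
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
    location /.well-known { alias /etc/nginx/certbot/.well-known; }
}
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.1 TLSv1.2;
}
"""

def parse(text):
    """Parse nginx config into (name, args, children) tuples; children is
    None for plain directives. '#' comments are stripped first."""
    text = re.sub(r"#[^\n]*", "", text)
    root = []
    stack = [root]
    for m in re.finditer(r"([^;{}]+)([;{])|(\})", text):
        if m.group(3):                      # closing brace: leave the block
            stack.pop()
            continue
        parts = m.group(1).split()
        if not parts:
            continue
        name, args = parts[0], parts[1:]
        if m.group(2) == "{":               # opening brace: enter a block
            node = (name, args, [])
            stack[-1].append(node)
            stack.append(node[2])
        else:                               # simple directive
            stack[-1].append((name, args, None))
    return root

def lint(text):
    """Return findings for every top-level server block in the config."""
    findings = []
    for name, _, body in parse(text):
        if name != "server":
            continue
        directives = [(n, a) for n, a, c in body if c is None]
        blocks = [(n, a) for n, a, c in body if c is not None]
        listens = [a for n, a in directives if n == "listen"]
        port = listens[0][0].rsplit(":", 1)[-1] if listens and listens[0] else ""
        has_return = any(n == "return" for n, _ in directives)
        acme_loc = any(n == "location" and a and a[-1].startswith("/.well-known")
                       for n, a in blocks)
        # Pitfall 1: a server-scope 'return' runs before any location is matched,
        # so an HTTP-01 challenge request on port 80 is redirected as well.
        if port == "80" and has_return:
            findings.append("shadowed /.well-known" if acme_loc else "no /.well-known on port 80")
        # Pitfall 2: SSLv3, TLS 1.0 and TLS 1.1 are deprecated (RFC 8996).
        for n, a in directives:
            if n == "ssl_protocols":
                weak = [p for p in a if p in ("SSLv3", "TLSv1", "TLSv1.1")]
                if weak:
                    findings.append("deprecated ssl_protocols: " + " ".join(weak))
    return findings
```

Running `lint(SAMPLE_CONF)` reports both issues; moving the redirect into `location / { ... }` and using `ssl_protocols TLSv1.2 TLSv1.3;` clears them.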