Last active
October 26, 2017 10:21
LetsEncrypt SSL for Node.js - Installation and Renewal
- In standalone mode, you will be asked to pass the "TLS-SNI-01 challenge". This can be made valid only by enabling HTTP mode.
$ certbot --version (Check the version of the bot, useful in case the config changes with versions)
$ certbot certificates (Check the latest certificates)
$ sudo certbot certonly
-> 1 (Standalone Server)
-> Enter domain example.com
$ sudo certbot certonly --standalone -d example.com -d www.example.com (Standalone Mode)
$ certbot delete --cert-name example.com (In case you simply want to delete due to testing / staging reasons)
# Valid for Ubuntu 14.X
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
Let’s Encrypt is a free, automated, and open Certificate Authority.
https://letsencrypt.org/
$ certbot certonly --cert-name example.com -d example.com
$ sudo certbot renew --dry-run (Simulate renew)
$ certbot renew
$ certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem --reason keycompromise (In case the key has been compromised)
-> 1. In standalone mode: "Problem binding to port 443: Could not bind to IPv4 or IPv6."
---> Port 443 cannot be bound, so check whether another application is already listening on it.
- $ netstat -tpln
-> If the output is "tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 13807/httpd", then simply stop the app and retry.
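
The port check above, as an added example that is not part of the original gist: a shell function that reads "netstat -tpln" output and reports which process owns a port, matching the port number exactly so that 8443 or 4430 are not mistaken for 443. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: identify the process holding a TCP port from netstat output.
# Function names and the sample data are illustrative assumptions.

# listener_on_port PORT: reads "netstat -tpln" output on stdin and prints the
# PID/Program column of every listening TCP socket bound to exactly PORT.
# netstat prints "-" in that column when it is run without root.
listener_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Field 4 is the local address: 0.0.0.0:443, 127.0.0.1:443, :::443.
            # Compare only the text after the last colon, so IPv6 addresses
            # parse correctly and 8443 or 4430 never match 443.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # The program name can contain spaces ("nginx: master"); rejoin it.
            owner = $7
            for (i = 8; i <= NF; i++) owner = owner " " $i
            print owner
        }'
}

# port_is_free PORT: succeeds when no listener on PORT appears on stdin.
port_is_free() {
    [ -z "$(listener_on_port "$1")" ]
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  911/sshd
tcp        0      0 0.0.0.0:443      0.0.0.0:*        LISTEN  13807/httpd
tcp        0      0 127.0.0.1:8443   0.0.0.0:*        LISTEN  2210/node
tcp6       0      0 :::4430          :::*             LISTEN  2301/node
tcp6       0      0 :::8080          :::*             LISTEN  3120/nginx: master
EOF
}

# Demo on the sample; on a live host: sudo netstat -tpln | listener_on_port 443
sample_netstat | listener_on_port 443
```

An owner of "-" means netstat was run without root and could not see the process, so rerun it with sudo before deciding what to stop.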