@olton
Last active July 24, 2022 07:03
Setup letsencrypt certificate

Setup SSL certificate from Let's Encrypt

Install dnsutils and certbot

sudo apt -y install dnsutils certbot

You can use the host command from dnsutils to test your DNS settings.

sudo certbot certonly --manual --preferred-challenges dns -d your-domain-name

Answer the questions and wait for the end of the challenge.

You can check that the TXT record has changed in DNS with the command host -t txt _acme...you-domain

If the challenge succeeds, you can copy the certificate and key to the Monitor folder:

sudo cp /etc/letsencrypt/live/your-domain-name/fullchain.pem ~/path_to_cert_folder/certificate.pem
sudo cp /etc/letsencrypt/live/your-domain-name/privkey.pem ~/path_to_cert_folder/privkey.pem

Change your-domain-name to your real domain name

or grant your user permission to access the certificate and key.

Change owner and access:

sudo chown user:user  ~/path_to_cert_folder/certificate.pem
sudo chown user:user  ~/path_to_cert_folder/privkey.pem
chmod 644 ~/path_to_cert_folder/certificate.pem
chmod 600 ~/path_to_cert_folder/privkey.pem

Change user to your real username on the system.
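
The copy, ownership and mode steps above can be done in one pass and then checked. This is an added example, not part of the gist; the function names install_cert_pair and audit_key_perms are hypothetical, and it assumes GNU coreutils (install and stat -c).

```shell
#!/bin/sh
# Added example (not from the gist). Function names are hypothetical.
# Assumes GNU coreutils: install(1) and stat -c.

# install_cert_pair SRC_DIR DEST_DIR [OWNER]
# SRC_DIR holds fullchain.pem and privkey.pem (certbot's live/<domain> layout).
# OWNER is optional, in chown's user:group form; setting it needs root.
install_cert_pair() {
    icp_src=$1
    icp_dest=$2
    [ -r "$icp_src/fullchain.pem" ] && [ -r "$icp_src/privkey.pem" ] || return 1
    mkdir -p "$icp_dest" || return 1
    # install sets an explicit mode during the copy instead of relying on the
    # source file's mode and the umask, as cp does.
    install -m 0644 "$icp_src/fullchain.pem" "$icp_dest/certificate.pem" || return 1
    install -m 0600 "$icp_src/privkey.pem" "$icp_dest/privkey.pem" || return 1
    [ -z "${3:-}" ] || chown "$3" "$icp_dest/certificate.pem" "$icp_dest/privkey.pem"
}

# audit_key_perms KEY_FILE
# Returns 0 only when the key has no group or other permission bits set.
audit_key_perms() {
    akp_mode=$(stat -c '%a' "$1") || return 2
    # Mask the octal mode with 077 to isolate the group and other bits.
    if [ $(( 0$akp_mode & 077 )) -ne 0 ]; then
        echo "insecure mode $akp_mode on $1" >&2
        return 1
    fi
    return 0
}

# Usage: sudo sh this-script SRC_DIR DEST_DIR [OWNER]
if [ "$#" -ge 2 ]; then
    install_cert_pair "$@" && audit_key_perms "$2/privkey.pem"
fi
```

Because the files in the destination folder are copies, they have to be installed again after each renewal.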

Grant access to user(s) and root:

sudo addgroup certgroup
sudo usermod -aG certgroup root
sudo usermod -aG certgroup $USER
sudo chgrp -R certgroup /etc/letsencrypt/live
sudo chgrp -R certgroup /etc/letsencrypt/archive
sudo chmod -R 750 /etc/letsencrypt/live
sudo chmod -R 750 /etc/letsencrypt/archive