{"id":786,"date":"2019-06-29T17:54:36","date_gmt":"2019-06-29T17:54:36","guid":{"rendered":"http:\/\/camilalui.com\/?p=786"},"modified":"2019-06-30T07:37:55","modified_gmt":"2019-06-30T07:37:55","slug":"how-to-use-lets-encrypt-debian-ubuntu","status":"publish","type":"post","link":"https:\/\/camilalui.com\/?p=786","title":{"rendered":"How to use Lets Encrypt (Debian \/ Ubuntu)"},"content":{"rendered":"<p><a href=\"https:\/\/letsencrypt.org\/\">Let\u2019s Encrypt<\/a> is an SSL certificate authority managed by the Internet Security Research Group (ISRG). It utilizes the <a href=\"https:\/\/github.com\/ietf-wg-acme\/acme\/\">Automated Certificate Management Environment<\/a> (ACME) to automatically deploy free SSL certificates that are trusted by nearly all major browsers.<\/p>\n<p>1. Update\/Upgrade your system<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >sudo apt update &amp;&amp; sudo apt upgrade<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>2. Download and Install Lets Encrypt<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >sudo apt-get install git<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>3. Download a clone of Let\u2019s Encrypt from the <a href=\"https:\/\/github.com\/letsencrypt\/letsencrypt\">official GitHub repository<\/a>. <code>\/opt<\/code> is a common installation directory for third-party packages, so let\u2019s install the clone to <code>\/opt\/letsencrypt<\/code>:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >sudo git clone https:\/\/github.com\/letsencrypt\/letsencrypt \/opt\/letsencrypt<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>4. Navigate to the new <code>\/opt\/letsencrypt<\/code> directory:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >cd \/opt\/letsencrypt<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>5. Create the certificate<\/p>\n<p>Run Let\u2019s Encrypt with the <code>--standalone<\/code> parameter. For each additional domain name requiring a certificate, add <code>-d example.com<\/code> to the end of the command.<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >sudo -H .\/letsencrypt-auto certonly --standalone -d example.com -d www.example.com<\/textarea><\/pre>\n<\/div>\n<p>If you receive this error, stop your Apache server and try again.<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >Problem binding to port 80: Could not bind to IPv4 or IPv6.<\/textarea><\/pre>\n<\/div>\n<p>Agree to the Terms of Service and specify if you would like to share your email address with EFF:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >-------------------------------------------------------------------------------\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\r\nagree in order to register with the ACME server at\r\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory\r\n-------------------------------------------------------------------------------\r\n(A)gree\/(C)ancel:<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>If all goes well, you should receive a result like this:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator standalone, Installer None\r\nObtaining a new certificate\r\n\r\nIMPORTANT NOTES:\r\n- Congratulations! Your certificate and chain have been saved at:\r\n\/etc\/letsencrypt\/live\/example.com\/fullchain.pem\r\nYour key file has been saved at:\r\n\/etc\/letsencrypt\/live\/example.com\/privkey.pem\r\nYour cert will expire on 2019-09-27. To obtain a new or tweaked\r\nversion of this certificate in the future, simply run\r\nletsencrypt-auto again. To non-interactively renew *all* of your\r\ncertificates, run \"letsencrypt-auto renew\"\r\n- If you like Certbot, please consider supporting our work by:\r\n\r\nDonating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\r\nDonating to EFF: https:\/\/eff.org\/donate-le<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>6. Configure your Virtual Host, it should be similar to this, one entry for port 80 and a duplicated block for port 443:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >&lt;VirtualHost *:80&gt;\r\nServerName example.com\r\nServerAlias www.example.com\r\nServerAdmin example@email.com\r\nDocumentRoot \/var\/www\/html\/example\/src\/wordpress\r\nErrorLog ${APACHE_LOG_DIR}\/error.log\r\nCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;\r\n\r\n&lt;VirtualHost *:443&gt;\r\nSSLEngine On\r\nSSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\r\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem\r\nServerName example.com\r\nServerAlias www.example.com\r\nServerAdmin example@email.com\r\nDocumentRoot \/var\/www\/html\/example\/src\/wordpress\r\nErrorLog ${APACHE_LOG_DIR}\/error.log\r\nCustomLog ${APACHE_LOG_DIR}\/access.log combined\r\n&lt;\/VirtualHost&gt;<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>7. Check for the certificated domains:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >sudo ls \/etc\/letsencrypt\/live<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>8. All your certificated sites should be under this path, you also can check with this command:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >.\/certbot-auto certificates\r\n\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nFound the following certs:\r\nCertificate Name: example.com\r\nDomains: camilalui.com\r\nExpiry Date: 2019-09-27 16:01:19+00:00 (VALID: 89 days)\r\nCertificate Path: \/etc\/letsencrypt\/live\/camilalui.com-0001\/fullchain.pem\r\nPrivate Key Path: \/etc\/letsencrypt\/live\/camilalui.com-0001\/privkey.pem\r\nCertificate Name: camilalui.com\r\nDomains: example.com www.example.com\r\nExpiry Date: 2019-09-27 09:19:23+00:00 (VALID: 89 days)\r\nCertificate Path: \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\r\nPrivate Key Path: \/etc\/letsencrypt\/live\/example.com\/privkey.pem\r\nCertificate Name: food.camilalui.com\r\nDomains: web2.example.com\r\nExpiry Date: 2019-09-27 16:37:52+00:00 (VALID: 89 days)\r\nCertificate Path: \/etc\/letsencrypt\/live\/web2.example.com\/fullchain.pem\r\nPrivate Key Path: \/etc\/letsencrypt\/live\/web2.example.com\/privkey.pem\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>9. Restart your Apache to apply your changes<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >service apache2 restart<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>10. Test your SSL website use:<\/p>\n<div class=\"my-syntax-highlighter\">\n<pre><textarea id=\"mshighlighter\" class=\"mshighlighter\" language=\"shell\" name=\"mshighlighter\" >https:\/\/www.ssllabs.com\/ssltest\/<\/textarea><\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>For more information: <a href=\"https:\/\/letsencrypt.org\/\">Let\u2019s Encrypt Homepage<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s Encrypt is an SSL certificate authority managed by the Internet Security Research Group (ISRG). It utilizes the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates that are trusted by nearly all major browsers. 1. Update\/Upgrade your system sudo apt update &amp;&amp; sudo apt upgrade &nbsp; 2. Download and Install Lets Encrypt<a class=\"more-link\" href=\"https:\/\/camilalui.com\/?p=786\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_tec_slr_enabled":"","_tec_slr_layout":""},"categories":[30,36,27],"tags":[],"class_list":["post-786","post","type-post","status-publish","format-standard","hentry","category-linux","category-ssl","category-ubuntu"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9toiJ-cG","jetpack_likes_enabled":true,"jetpack-related-posts":[],"ticketed":false,"_links":{"self":[{"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/posts\/786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/camilalui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=786"}],"version-history":[{"count":7,"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/posts\/786\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/camilalui.com\/index.php?rest_route=\/wp\/v2\/posts\/786\/revisions\/794"}],"wp:attachment":[{"href":"https:\/\/camilalui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/camilalui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/camilalui.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}