{"id":4576,"date":"2018-11-07T19:03:52","date_gmt":"2018-11-07T21:03:52","guid":{"rendered":"https:\/\/blog.clusterweb.com.br\/?p=4576"},"modified":"2018-11-07T19:04:23","modified_gmt":"2018-11-07T21:04:23","slug":"certbot","status":"publish","type":"post","link":"https:\/\/blog.clusterweb.com.br\/?p=4576","title":{"rendered":"Certbot"},"content":{"rendered":"<div class=\"install\">\n<h3>Install<\/h3>\n<p>Since it doesn&#8217;t seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:<\/p>\n<pre>wget https:\/\/dl.eff.org\/certbot-auto\r\nchmod a+x certbot-auto<\/pre>\n<p><tt>certbot-auto<\/tt>\u00a0accepts the same flags as\u00a0<tt>certbot<\/tt>; it installs all of its own dependencies and updates the client code automatically.<\/p>\n<p><strong>Certbot&#8217;s DNS plugins which can be used to automate obtaining a wildcard certificate from Let&#8217;s Encrypt&#8217;s ACMEv2 server are not available for your OS yet.<\/strong>\u00a0This should change soon but if you don&#8217;t want to wait, you can use these plugins now by\u00a0<a href=\"https:\/\/certbot.eff.org\/docs\/install.html#running-with-docker\">running Certbot in Docker<\/a>\u00a0instead of using the instructions on this page.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<p><!--more--><\/p>\n<div class=\"get-started\">\n<h3>Get Started<\/h3>\n<p>Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates certificate installation.<\/p>\n<pre>$ sudo .\/path\/to\/certbot-auto --apache<\/pre>\n<p>Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. 
If you&#8217;re feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the\u00a0<tt>certonly<\/tt> subcommand:<\/p>\n<pre>$ sudo .\/path\/to\/certbot-auto --apache certonly<\/pre>\n<p>To learn more about how to use Certbot\u00a0<a href=\"https:\/\/certbot.eff.org\/docs\/\">read our documentation<\/a>.<\/p>\n<h3>Automating renewal<\/h3>\n<p>Certbot can be configured to renew your certificates automatically before they expire. Since Let&#8217;s Encrypt certificates last for 90 days, it&#8217;s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:<\/p>\n<pre>$ sudo .\/path\/to\/certbot-auto renew --dry-run\r\n<\/pre>\n<p>If that appears to be working correctly, you can arrange for automatic renewal by adding a\u00a0<tt><a href=\"http:\/\/www.unixgeeks.org\/security\/newbie\/unix\/cron-1.html\">cron job<\/a><\/tt>\u00a0or\u00a0<tt><a href=\"https:\/\/wiki.archlinux.org\/index.php\/Systemd\/Timers\">systemd timer<\/a><\/tt>\u00a0which runs the following:<\/p>\n<pre>.\/path\/to\/certbot-auto renew<\/pre>\n<aside class=\"note\">\n<h4>Note:<\/h4>\n<p>If you&#8217;re setting up a\u00a0<tt>cron<\/tt>\u00a0or\u00a0<tt>systemd<\/tt>\u00a0job, we recommend running it twice per day (it won&#8217;t do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let&#8217;s Encrypt-initiated revocation happened for some reason). 
Please select a random minute within the hour for your renewal tasks.<\/p>\n<\/aside>\n<p>An example cron job might look like this, which will run at noon and midnight every day:<\/p>\n<pre>0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' &amp;&amp; .\/path\/to\/certbot-auto renew<\/pre>\n<p>More detailed information and options about renewal can be found in\u00a0<a href=\"https:\/\/certbot.eff.org\/docs\/using.html#renewal\">the full documentation<\/a>.<\/p>\n<div id=\"how-to-run-the-client\" class=\"section\">\n<h2>How to run the client<\/h2>\n<p>In many cases, you can just run\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">certbot-auto<\/span><\/code>\u00a0or\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">certbot<\/span><\/code>, and the client will guide you through the process of obtaining and installing certs interactively.<\/p>\n<p>For full command line help, you can type:<\/p>\n<div class=\"highlight-default notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"o\">.\/<\/span><span class=\"n\">certbot<\/span><span class=\"o\">-<\/span><span class=\"n\">auto<\/span> <span class=\"o\">--<\/span><span class=\"n\">help<\/span> <span class=\"nb\">all<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<p>You can also tell it exactly what you want it to do from the command line. 
For instance, if you want to obtain a cert for\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">example.com<\/span><\/code>,\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">www.example.com<\/span><\/code>, and\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">other.example.net<\/span><\/code>, using the Apache plugin to both obtain and install the certs, you could do this:<\/p>\n<div class=\"highlight-default notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"o\">.\/<\/span><span class=\"n\">certbot<\/span><span class=\"o\">-<\/span><span class=\"n\">auto<\/span> <span class=\"o\">--<\/span><span class=\"n\">apache<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">com<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">www<\/span><span class=\"o\">.<\/span><span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">com<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">other<\/span><span class=\"o\">.<\/span><span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">net<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<p>(The first time you run the command, it will make an account, and ask for an email and agreement to the Let\u2019s Encrypt Subscriber Agreement; you can automate those with\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">--email<\/span><\/code>\u00a0and\u00a0<code class=\"docutils literal notranslate\"><span class=\"pre\">--agree-tos<\/span><\/code>)<\/p>\n<p>If you want to use a webserver that doesn\u2019t have full plugin support yet, you can still use \u201cstandalone\u201d or \u201cwebroot\u201d plugins to obtain a certificate:<\/p>\n<div class=\"highlight-default notranslate\">\n<div class=\"highlight\">\n<pre><span class=\"o\">.\/<\/span><span class=\"n\">certbot<\/span><span 
class=\"o\">-<\/span><span class=\"n\">auto<\/span> <span class=\"n\">certonly<\/span> <span class=\"o\">--<\/span><span class=\"n\">standalone<\/span> <span class=\"o\">--<\/span><span class=\"n\">email<\/span> <span class=\"n\">admin<\/span><span class=\"nd\">@example<\/span><span class=\"o\">.<\/span><span class=\"n\">com<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">com<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">www<\/span><span class=\"o\">.<\/span><span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">com<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">other<\/span><span class=\"o\">.<\/span><span class=\"n\">example<\/span><span class=\"o\">.<\/span><span class=\"n\">net<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"understanding-the-client-in-more-depth\" class=\"section\">\n<h2>Understanding the client in more depth<\/h2>\n<p>To understand what the client is doing in detail, it\u2019s important to understand the way it uses plugins. Please see the\u00a0<a class=\"reference external\" href=\"https:\/\/certbot.eff.org\/docs\/using.html#plugins\">explanation of plugins<\/a>\u00a0in the User Guide.<\/p>\n<div id=\"links\" class=\"section\">\n<h3>Links<\/h3>\n<p>Documentation:\u00a0<a class=\"reference external\" href=\"https:\/\/certbot.eff.org\/docs\">https:\/\/certbot.eff.org\/docs<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Install Since it doesn&#8217;t seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy: wget https:\/\/dl.eff.org\/certbot-auto chmod a+x certbot-auto certbot-auto\u00a0accepts the same flags as\u00a0certbot; it installs all of its own dependencies and updates the client code automatically. 
Certbot&#8217;s DNS plugins which can be used [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[455,730,1,830,51,1238],"tags":[1079,1243,1242,1239,1202,923,1241,983,1240],"class_list":["post-4576","post","type-post","status-publish","format-standard","hentry","category-apache2","category-clusterweb","category-viazap","category-debian","category-linux-linuxrs","category-ssl","tag-automatically","tag-certbot","tag-effs","tag-enable","tag-https","tag-on","tag-website","tag-with","tag-your"],"_links":{"self":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4576"}],"version-history":[{"count":2,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4576\/revisions"}],"predecessor-version":[{"id":4578,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4576\/revisions\/4578"}],"wp:attachment":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}