Friday, March 10, 2017

Using LetsEncrypt for free SSL/TLS Certificates

machine:scripts $ sudo certbot certonly -d --manual 
Sorry, try again.
Sorry, try again.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(Y)es/(N)o: Y

Make sure your web server displays the following content at before continuing:


If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" somelargetext.blahblahblah > .well-known/acme-challenge/somelargetext
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert
   will expire on 2017-06-08. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

machine:scripts $ sudo ls -ltr /etc/letsencrypt/live/
total 40
lrwxr-xr-x  1 root  wheel   47 Mar 10 12:19 privkey.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   49 Mar 10 12:19 fullchain.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   45 Mar 10 12:19 chain.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   44 Mar 10 12:19 cert.pem -> ../../archive/
-rw-r--r--  1 root  wheel  543 Mar 10 12:19 README
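
The Python 2 one-liner in certbot's output above serves every file under the current directory. The sketch below is an added example, not part of certbot or of the original post: a Python 3 responder that answers only for token files under /.well-known/acme-challenge/ and returns 404 for everything else. The names make_handler, start_server and fetch are hypothetical; for a real http-01 validation it would be started with host '' and port 80 (as root) instead of the loopback defaults.

```python
import http.client
import http.server
import re
import threading
from pathlib import Path

PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # ACME tokens are base64url


def make_handler(challenge_dir):
    """Build a handler that serves only token files inside challenge_dir."""
    root = Path(challenge_dir)

    class ChallengeHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            token = self.path[len(PREFIX):] if self.path.startswith(PREFIX) else ""
            # Only a bare token is valid: no slashes, dots or query strings,
            # so there are no directory listings and no path traversal.
            if not TOKEN_RE.fullmatch(token) or not (root / token).is_file():
                self.send_error(404)
                return
            body = (root / token).read_bytes()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            pass  # keep the example quiet; log requests in real use

    return ChallengeHandler


def start_server(challenge_dir, host="127.0.0.1", port=0):
    """Serve in a background thread; port 0 lets the OS pick a free port."""
    srv = http.server.HTTPServer((host, port), make_handler(challenge_dir))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(port, path):
    """GET path from the local responder and return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    return resp.status, resp.read()
```

Running fetch against the local port before pressing Enter in certbot confirms the body matches the challenge string byte for byte, which is why the transcript writes the file with printf "%s" rather than echo.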