machine:scripts $ sudo certbot certonly -d subdomain.domain.org --manual
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for subdomain.domain.org
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
-------------------------------------------------------------------------------
Make sure your web server displays the following content at
http://subdomain.domain.org/.well-known/acme-challenge/somelargetext before continuing:
somelargetext.blahblahblah
If you don't have HTTP server configured, you can run the following
command on the target server (as root):
mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" somelargetext.blahblahblah > .well-known/acme-challenge/somelargetext
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/subdomain.domain.org/fullchain.pem. Your cert
will expire on 2017-06-08. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
machine:scripts $ sudo ls -ltr /etc/letsencrypt/live/subdomain.domain.org
total 40
lrwxr-xr-x 1 root wheel 47 Mar 10 12:19 privkey.pem -> ../../archive/subdomain.domain.org/privkey1.pem
lrwxr-xr-x 1 root wheel 49 Mar 10 12:19 fullchain.pem -> ../../archive/subdomain.domain.org/fullchain1.pem
lrwxr-xr-x 1 root wheel 45 Mar 10 12:19 chain.pem -> ../../archive/subdomain.domain.org/chain1.pem
lrwxr-xr-x 1 root wheel 44 Mar 10 12:19 cert.pem -> ../../archive/subdomain.domain.org/cert1.pem
-rw-r--r-- 1 root wheel 543 Mar 10 12:19 README
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for subdomain.domain.org
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
-------------------------------------------------------------------------------
Make sure your web server displays the following content at
http://subdomain.domain.org/.well-known/acme-challenge/somelargetext before continuing:
somelargetext.blahblahblah
If you don't have HTTP server configured, you can run the following
command on the target server (as root):
mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" somelargetext.blahblahblah > .well-known/acme-challenge/somelargetext
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/subdomain.domain.org/fullchain.pem. Your cert
will expire on 2017-06-08. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
machine:scripts $ sudo ls -ltr /etc/letsencrypt/live/subdomain.domain.org
total 40
lrwxr-xr-x 1 root wheel 47 Mar 10 12:19 privkey.pem -> ../../archive/subdomain.domain.org/privkey1.pem
lrwxr-xr-x 1 root wheel 49 Mar 10 12:19 fullchain.pem -> ../../archive/subdomain.domain.org/fullchain1.pem
lrwxr-xr-x 1 root wheel 45 Mar 10 12:19 chain.pem -> ../../archive/subdomain.domain.org/chain1.pem
lrwxr-xr-x 1 root wheel 44 Mar 10 12:19 cert.pem -> ../../archive/subdomain.domain.org/cert1.pem
-rw-r--r-- 1 root wheel 543 Mar 10 12:19 README
No comments:
Post a Comment
Thank you for your feedback