<p>Installing letsencrypt.sh is very easy. Just issue this command:</p>
<code>cd /usr/ports/security/letsencrypt.sh/ && make install clean
</code>
<p>Let's look at the default variables used by letsencrypt.sh:</p>
<code>/usr/local/bin/letsencrypt.sh --env
</code>
<samp>
# letsencrypt.sh configuration
#
# !! WARNING !! No main config file found, using default config!
#
declare -- CA="https://acme-v01.api.letsencrypt.org/directory"
declare -- LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
declare -- CHALLENGETYPE="http-01"
declare -- HOOK=""
declare -- HOOK_CHAIN="no"
declare -- RENEW_DAYS="30"
declare -- ACCOUNT_KEY="/usr/local/bin/private_key.pem"
declare -- ACCOUNT_KEY_JSON="/usr/local/bin/private_key.json"
declare -- KEYSIZE="4096"
declare -- WELLKNOWN="/usr/local/bin/.acme-challenges"
declare -- PRIVATE_KEY_RENEW="yes"
declare -- OPENSSL_CNF="/etc/ssl/openssl.cnf"
declare -- CONTACT_EMAIL=""
declare -- LOCKFILE="/usr/local/bin/lock"
</samp>
<p>As the warning shows, no config file was found, so every path (account key, challenge directory, lock file) defaults to the script's own directory, /usr/local/bin.</p>
<p>Next we need to update the nginx configuration. The directory "WELLKNOWN" as defined in the previous step must exist and must be readable by nginx. The configuration file vhost/.... for this domain needs these adjustments:</p>
<code>
server {
    listen......
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        # this directory must exist and is identical to WELLKNOWN:
        alias /usr/local/bin/.acme-challenges/;
    }
}
</code>
<p>Restart nginx to make the adjustment active:</p>
<code>service nginx restart
</code>
<p>Generate the certificate as follows:</p>
<code>
/usr/local/bin/letsencrypt.sh --cron --domain www.lf24.com --challenge http-01
</code>
<samp>
#
# !! WARNING !! No main config file found, using default config!
#
Processing www.lf24.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for www.lf24.com...
 + Responding to challenge for www.lf24.com...
 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
</samp>
<p>Last but not least, update your web server's vhost file:</p>
<pre>
server {
    listen 80;
    listen 443 ssl http2;
    server_name www.lf24.com;
    client_max_body_size 10M;    # max size for uploading image files
    client_body_buffer_size 10M; # ava 20160501
    index index.php;
    server_tokens off;
    # "ssl on;" removed: it applies to every listen socket of this server,
    # so the plain "listen 80" socket (used for the http-01 challenge) would
    # expect TLS as well. "listen 443 ssl" already enables TLS on port 443.
    ssl_certificate /usr/local/bin/certs/www.lf24.com/fullchain.pem;
    ssl_certificate_key /usr/local/bin/certs/www.lf24.com/privkey.pem;
    ssl_trusted_certificate /usr/local/bin/certs/www.lf24.com/fullchain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
}
</pre>
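<p>With the defaults used above, the account key, the certificate keys and the challenge directory that nginx must read all sit side by side under /usr/local/bin, so a mode check after the first issuance is worthwhile. The script below is an added example, not part of the original page or of letsencrypt.sh; the function names are hypothetical, and it assumes the nginx worker reaches the challenge directory through the "other" permission bits.</p>

```shell
#!/bin/sh
# Added example (not from the original page): audit modes of the key and
# challenge paths used above. Function names are hypothetical.

# mode_of PATH: print the 10-character mode string (e.g. "-rw-------").
# -L follows symlinks, since privkey.pem may be a link to a dated key file.
mode_of() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# key_is_private FILE: 0 if FILE is a regular file with no group/other
# permission bits, 1 if it is too permissive, 2 if it is missing.
key_is_private() {
    m=$(mode_of "$1")
    [ -n "$m" ] || return 2
    case "$m" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# challenge_dir_ok DIR: 0 if DIR is a directory that "other" may read and
# traverse but not write. Assumption: the nginx worker is neither owner
# nor group member of DIR, so the "other" bits decide its access.
challenge_dir_ok() {
    case "$(mode_of "$1")" in
        d??????r-x) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit BASEDIR DOMAIN: check the layout shown by `letsencrypt.sh --env`.
audit() {
    base=$1 domain=$2 rc=0
    challenge_dir_ok "$base/.acme-challenges" ||
        { echo "FAIL: $base/.acme-challenges must be a directory, mode o=rx"; rc=1; }
    for k in "$base/private_key.pem" "$base/certs/$domain/privkey.pem"; do
        key_is_private "$k" ||
            { echo "FAIL: $k missing or accessible to group/other"; rc=1; }
    done
    return $rc
}

# Usage on the host from this page: audit /usr/local/bin www.lf24.com
```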