Changes

2,193 bytes added ,  02:25, 8 May 2017
no edit summary
Line 48: Line 48:     
===Installation===
 
===Installation===
  yum install smeserver-letsencrypt --enablerepo=smedev
+
  yum install smeserver-letsencrypt --enablerepo=smecontribs
  signal-event post-upgrade && signal-event reboot
+
   
 +
you will then need to configure the domains and hosts for which you want to ask a certificate. See the following Configuration menu.
    
===Configuration===
 
===Configuration===
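Review bot: the sentence added after the install commands starts in lower case, says "ask a certificate", and points to a "Configuration menu" although what follows is a section heading. Suggest "You will then need to configure the domains and hosts for which you want to request a certificate; see the Configuration section below." The switch from --enablerepo=smedev to --enablerepo=smecontribs is made with no edit summary, so a summary saying why the repository changed would help anyone reading the page history.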
Line 58: Line 59:  
* Are configured on your SME Server (e.g., through the Server Manager), and
 
* Are configured on your SME Server (e.g., through the Server Manager), and
 
* Are configured to use Let's Encrypt.
 
* Are configured to use Let's Encrypt.
 +
 +
{{Warning box| Your server must be accessible from the Internet and the domains and hosts you are asking for a certificate should resolve to your domain. Having only one domain or host in the list you ask a certificate for that fails to resolve and point to your server from the internet will result in a failure to obtain a certificate. Please consider that by default SME will add some subdomains for your domain you configure on it such as ftp.mydomain.tld, mail.mydomain.tld, wpad.mydomain.tld, proxy.mydomain.tld, $HOSTNAME.mydomain.tld and www.mydomain.tld. If you configure the contrib to issue a certificate for all of those take the time to configure them all at your DNS hosting service to point to your server.}}
    
For example, your SME Server may contain the following domains and hostnames:
 
For example, your SME Server may contain the following domains and hostnames:
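Review bot: in the added warning box, "should resolve to your domain" contradicts the rest of the box, which says each name must "point to your server from the internet". Say that every listed domain and host must resolve publicly to this server. The second sentence is hard to parse; suggest "If even one domain or host in the list does not resolve to your server from the Internet, the certificate request fails." The default names (ftp, mail, wpad, proxy, $HOSTNAME, www) would read better as a bullet list, with $HOSTNAME marked as a placeholder for the server's own host name.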
Line 94: Line 97:  
You can also set the length of your certificate's private key, if you don't want the default of 4096 bits.  This should not be necessary in most cases, but if desired, use this command to do so:
 
You can also set the length of your certificate's private key, if you don't want the default of 4096 bits.  This should not be necessary in most cases, but if desired, use this command to do so:
 
  config setprop letsencrypt keysize NUMBER
 
  config setprop letsencrypt keysize NUMBER
 +
 +
===Accept Let's Encrypt terms ===
 +
Please first read the condition terms for using Let's Encrypt [[https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]]
 +
config setprop  letsencrypt ACCEPT_TERMS yes
    
===Enable Test Mode===
 
===Enable Test Mode===
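Review bot: the link to the terms in the new "Accept Let's Encrypt terms" section is wrapped in double brackets, which is internal-link syntax; the page's other external link uses single brackets with a label, as in [https://www.ssllabs.com/ssltest/ SSLLabs.com]. The URL is also pinned to the v1.1.1 August 2016 PDF, so it will go stale when the agreement is revised; consider linking to the page that lists the current agreement. The added command "config setprop  letsencrypt ACCEPT_TERMS yes" appears without the leading spaces that the existing "config setprop letsencrypt keysize NUMBER" line has, so it may not render as a preformatted command, and it carries a doubled space. "condition terms" should read "terms and conditions", and the heading has a stray space before the closing "===".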
Line 107: Line 114:  
===Enable Production Mode===
 
===Enable Production Mode===
 
Once you've successfully tested your installation, set it to production mode using these commands:
 
Once you've successfully tested your installation, set it to production mode using these commands:
 +
 +
move previous certificates:
 +
mkdir /etc/dehydrated/certs.test
 +
mv /etc/dehydrated/certs/* /etc/dehydrated/certs.test
 +
 +
then prepare to ask the real ones:
 
  config setprop letsencrypt status enabled
 
  config setprop letsencrypt status enabled
 
  signal-event console-save
 
  signal-event console-save
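Review bot: the added "move previous certificates" step gives no reason for the move, and its two commands are not safe to repeat: "mkdir /etc/dehydrated/certs.test" errors if the directory already exists and the following "mv /etc/dehydrated/certs/* /etc/dehydrated/certs.test" would then mix a new batch of files into an old one. Suggest one sentence explaining that the test certificates are set aside so production ones can be requested, "mkdir -p" or a dated directory name, and a note that the moved files include the test private keys, so certs.test should keep the same restrictive permissions as certs. The order also differs from the "Rush jobs" section added in the same edit, where the move comes after "signal-event console-save"; pick one order for both. The added commands lack the leading spaces used by the existing "config setprop letsencrypt status enabled" line.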
Line 118: Line 131:     
Once you've obtained your certificate and configured your server, test your server with a tool like [https://www.ssllabs.com/ssltest/ SSLLabs.com] to make sure it's working properly.
 
Once you've obtained your certificate and configured your server, test your server with a tool like [https://www.ssllabs.com/ssltest/ SSLLabs.com] to make sure it's working properly.
 +
 +
 +
===Rush jobs===
 +
for the test ('''adjust the domains and hosts'''):
 +
config setprop ACCEPT_TERMS yes status test
 +
#foreach of your domains you want SSL do the following
 +
db domains setprop '''domain1.com''' letsencryptSSLcert enabled
 +
#foreach of your hosts (subdomains) you want SSL do the following
 +
db hosts setprop '''www.domain1.com''' letsencryptSSLcert enabled
 +
signal-event console-save
 +
dehydrated -c
 +
 +
Check that the certificates are available ( your browser will still issue an error, but you can explore the content of the certificate to see that the Let's Encrypt test CA was used to sign your SSL certificate and that all your domains and hosts are in the "Certificate Subject Alt Name" property, except the first one that is the name of the certificate.
 +
 +
for the production ('''adjust your email'''):
 +
config setprop status enabled email '''admin@domain1.com'''
 +
signal-event console-save
 +
mkdir /etc/dehydrated/certs.test
 +
mv /etc/dehydrated/certs/* /etc/dehydrated/certs.test
 +
dehydrated -c -x
    
==Manual Installation of Dehydrated==
 
==Manual Installation of Dehydrated==
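Review bot: both "config setprop" lines in the new "Rush jobs" section omit the "letsencrypt" key that every other command on the page passes first. "config setprop ACCEPT_TERMS yes status test" and "config setprop status enabled email admin@domain1.com" would be read with ACCEPT_TERMS and status as the key name, so they should be "config setprop letsencrypt ACCEPT_TERMS yes status test" and "config setprop letsencrypt status enabled email admin@domain1.com". The two lines beginning with "#foreach" will render as numbered list items in wikitext rather than as shell comments; put the whole sequence in a preformatted block with leading spaces. The "-x" in "dehydrated -c -x" is not explained anywhere in the section, and the sentence starting "Check that the certificates are available (" never closes its parenthesis.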