Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
developer:letsencrypt [2016/02/26 04:25]
Giacomo Sanchietti [How it works]
developer:letsencrypt [2016/04/19 17:45]
Filippo Carletti [How it works]
Line 3: Line 3:
 **This documents is ONLY for NethServer 6** **This documents is ONLY for NethServer 6**
  
-From https://​letsencrypt.readthedocs.org1:+From https://​letsencrypt.readthedocs.org:
  
 >The Let’s Encrypt Client is a fully-featured,​ extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate >the tasks of obtaining certificates and configuring webservers to use them. >The Let’s Encrypt Client is a fully-featured,​ extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate >the tasks of obtaining certificates and configuring webservers to use them.
Line 18: Line 18:
 1. The server must be reachable from outside at port 80. 1. The server must be reachable from outside at port 80.
  
-   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​4)+   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​)
  
 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP. 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP.
  
-   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​5)+   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​)
  
 ====== How it works ====== ====== How it works ======
Line 34: Line 34:
 **Example** **Example**
  
-The server FQDN is: ''​server.nethserver.org''​ . +The server FQDN is: ''​server.nethserver.org''​ with public IP ''​1.2.3.4''​.
 But you want to access the server also using this names (aliases):''​ mail.nethserver.org''​ and ''​www.nethserver.org''​. But you want to access the server also using this names (aliases):''​ mail.nethserver.org''​ and ''​www.nethserver.org''​.
  
 +To make it work, the server must:
 +
 +* have the port 80 open to the public internet: if you access http://​1.2.3.4 from a remote site you must see NethServer landing page
 +* have a DNS public record for ''​server.nethserver.org'',​ ''​mail.nethserver.org''​ and ''​www.nethserver.org''​. All DNS records must point to the same server (it may have multiple public IP addresses, though)
  
 ====== Installation ====== ====== Installation ======
Line 71: Line 74:
 <​file>​ <​file>​
 db hosts setprop alias.mydomain.com LetsEncrypt enabled db hosts setprop alias.mydomain.com LetsEncrypt enabled
 +</​file>​
 +
 +
 +===== Options =====
 +
 +You can customize the following options by using config command:
 +
 +* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!)
 +* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30)
 +
 +Example:
 +
 +<​file>​
 +config setprop pki LetsEncryptMail admin@mydomain.com
 </​file>​ </​file>​
 ===== Test certificate creation ===== ===== Test certificate creation =====
Line 116: Line 133:
  
  
-===== Options ===== +{{tag>​userguide ​letsencrypt ​developer ht_testing dev_tips}}
- +
-You can customize the following options by using config command: +
- +
-* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!) +
-* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30) +
- +
-Example: +
- +
-<​file>​ +
-config setprop pki LetsEncryptMail admin@mydomain.com +
-</​file>​+