Differences

This shows you the differences between two versions of the page.

developer:letsencrypt [2016/02/26 04:24]
Giacomo Sanchietti [How it works]
developer:letsencrypt [2016/04/19 17:46] (current)
Filippo Carletti [Obtaining a valid certificate]
Line 3: Line 3:
 **This documents is ONLY for NethServer 6** **This documents is ONLY for NethServer 6**
  
-From https://​letsencrypt.readthedocs.org1:+From https://​letsencrypt.readthedocs.org:
  
 >The Let’s Encrypt Client is a fully-featured,​ extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate >the tasks of obtaining certificates and configuring webservers to use them. >The Let’s Encrypt Client is a fully-featured,​ extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate >the tasks of obtaining certificates and configuring webservers to use them.
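Review bot: the unchanged context line at the top of this hunk still reads "This documents is ONLY for NethServer 6"; since the edit already touches the adjacent source line, correct it to "This document is ONLY for NethServer 6" in the same revision. The quoted paragraph also carries a stray ">" in mid-sentence ("can automate >the tasks"), which should be removed so the quote renders as one block.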
Line 18: Line 18:
 1. The server must be reachable from outside at port 80. 1. The server must be reachable from outside at port 80.
  
-   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​4)+   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​)
  
 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP. 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP.
  
-   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​5)+   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​)
  
 ====== How it works ====== ====== How it works ======
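Review bot: both changed lines drop the leftover footnote digit but keep the closing parenthesis, so the sentences now end in "http://www.canyouseeme.org/)" and "http://viewdns.info/)" with no matching opening parenthesis, and the ")" may be pulled into the autolinked URL. Remove the trailing ")" on both lines and end each sentence with a period.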
Line 34: Line 34:
 **Example** **Example**
  
-The server FQDN is: //server.nethserver.org// +The server FQDN is: ''​server.nethserver.org''​ with public IP ''​1.2.3.4''​. 
-But you want to access the server also using this names (aliases): ​//mail.nethserver.org//, //www.nethserver.org//.+But you want to access the server also using this names (aliases):'' ​mail.nethserver.org''​ and ''​www.nethserver.org''​.
  
 +To make it work, the server must:
 +
 +* have the port 80 open to the public internet: if you access http://​1.2.3.4 from a remote site you must see NethServer landing page
 +* have a DNS public record for ''​server.nethserver.org'',​ ''​mail.nethserver.org''​ and ''​www.nethserver.org''​. All DNS records must point to the same server (it may have multiple public IP addresses, though)
  
 ====== Installation ====== ====== Installation ======
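Review bot: the added example uses "1.2.3.4" as the server's public IP, both in the FQDN line and in the "http://1.2.3.4" check; that is a real routable address readers may paste as is, so an address from a documentation range such as 192.0.2.0/24 (RFC 5737) is a safer placeholder. On the changed aliases line the space has ended up inside the monospace markup ("(aliases):'' mail.nethserver.org''"); it should read "(aliases): ''mail.nethserver.org''", and "this names" should be "these names". The port 80 bullet also only tests access by IP, while the DNS bullet requires all three names to resolve to the server, so it would help to say the landing page must be reachable through each name as well.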
Line 70: Line 74:
 <​file>​ <​file>​
 db hosts setprop alias.mydomain.com LetsEncrypt enabled db hosts setprop alias.mydomain.com LetsEncrypt enabled
 +</​file>​
 +
 +
 +===== Options =====
 +
 +You can customize the following options by using config command:
 +
 +* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!)
 +* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30)
 +
 +Example:
 +
 +<​file>​
 +config setprop pki LetsEncryptMail admin@mydomain.com
 </​file>​ </​file>​
 ===== Test certificate creation ===== ===== Test certificate creation =====
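Review bot: the added Options text says the options are customized "by using config command" but never names the key they belong to; the reader only learns it is "pki" from the single example line "config setprop pki LetsEncryptMail admin@mydomain.com". State in the prose that both are properties of the "pki" key and add a matching example for "LetsEncryptRenewDays". Moving the section ahead of the test step fits the warning that "LetsEncryptMail" must be set before the first run of letsencrypt-certs, so it would be worth saying whether the test run already counts as that first run. The new example's "<file>" block is closed by the pre-existing "</file>" context line, with the "Test certificate creation" heading directly after it; add a blank line there for consistency with the rest of the added section.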
Line 103: Line 121:
 ===== Obtaining a valid certificate ===== ===== Obtaining a valid certificate =====
  
-If your configuration has been validated by the testing ​ step, you're ready to request a new valid certificate.+If your configuration has been validated by the testing step, you're ready to request a new valid certificate.
 Execute the following script against the real Let's Encrypt server: Execute the following script against the real Let's Encrypt server:
  
Line 112: Line 130:
 **Done!** ​ **Done!** ​
  
-//Access your http server and check you'​r ​certificate is valid.//+//Access your http server and check your certificate is valid.//
  
  
-===== Options ===== +{{tag>​userguide ​letsencrypt ​developer ht_testing dev_tips}}
- +
-You can customize the following options by using config command: +
- +
-* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!) +
-* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30) +
- +
-Example: +
- +
-<​file>​ +
-config setprop pki LetsEncryptMail admin@mydomain.com +
-</​file>​+
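Review bot: the corrected closing line still tells the reader to "Access your http server", but the certificate is only presented on the HTTPS side, so the check as worded can pass without ever looking at it. Suggest wording such as "Access your server over https and check that your certificate is valid." The replaced last line also swaps the old Options heading for a "{{tag>...}}" line; confirm the tag list is intended, since the rest of this hunk is only a typo fix and the removal of the relocated section.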