Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
developer:letsencrypt [2016/02/26 04:31]
Filippo Carletti
developer:letsencrypt [2016/04/19 17:46] (current)
Filippo Carletti [Obtaining a valid certificate]
Line 18: Line 18:
 1. The server must be reachable from outside at port 80. 1. The server must be reachable from outside at port 80.
  
-   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​4)+   Make sure your port 80 is open to the public Internet, you can check with sites like http://​www.canyouseeme.org/​)
  
 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP. 2. The fully qualified name (FQDN) of the server must be a public domain name associated to its own public IP.
  
-   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​5)+   Make sure you have a public DNS name pointing to your server, you can check with sites like http://​viewdns.info/​)
  
 ====== How it works ====== ====== How it works ======
Line 40: Line 40:
  
 * have the port 80 open to the public internet: if you access http://​1.2.3.4 from a remote site you must see NethServer landing page * have the port 80 open to the public internet: if you access http://​1.2.3.4 from a remote site you must see NethServer landing page
-* have a DNS public record for ''​server.nethserver.org'',​ ''​mail.nethserver.org''​ and ''​www.nethserver.org''​. All DNS records must point to the public IP address ''​1.2.3.4''​+* have a DNS public record for ''​server.nethserver.org'',​ ''​mail.nethserver.org''​ and ''​www.nethserver.org''​. All DNS records must point to the same server (it may have multiple ​public IP addresses, though)
  
 ====== Installation ====== ====== Installation ======
Line 74: Line 74:
 <​file>​ <​file>​
 db hosts setprop alias.mydomain.com LetsEncrypt enabled db hosts setprop alias.mydomain.com LetsEncrypt enabled
 +</​file>​
 +
 +
 +===== Options =====
 +
 +You can customize the following options by using config command:
 +
 +* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!)
 +* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30)
 +
 +Example:
 +
 +<​file>​
 +config setprop pki LetsEncryptMail admin@mydomain.com
 </​file>​ </​file>​
 ===== Test certificate creation ===== ===== Test certificate creation =====
Line 107: Line 121:
 ===== Obtaining a valid certificate ===== ===== Obtaining a valid certificate =====
  
-If your configuration has been validated by the testing ​ step, you're ready to request a new valid certificate.+If your configuration has been validated by the testing step, you're ready to request a new valid certificate.
 Execute the following script against the real Let's Encrypt server: Execute the following script against the real Let's Encrypt server:
  
Line 116: Line 130:
 **Done!** ​ **Done!** ​
  
-//Access your http server and check you'​r ​certificate is valid.//+//Access your http server and check your certificate is valid.//
  
  
-===== Options ===== +{{tag>​userguide ​letsencrypt ​developer ht_testing dev_tips}}
- +
-You can customize the following options by using config command: +
- +
-* ''​LetsEncryptMail'':​ if set, Let's Encrypt will send notification about your certificate to this mail address (this must be set before executing the letsencrypt-certs script for the first time!) +
-* ''​LetsEncryptRenewDays'':​ minimum days before expiration to automatically renew certificate (default: 30) +
- +
-Example: +
- +
-<​file>​ +
-config setprop pki LetsEncryptMail admin@mydomain.com +
-</​file>​+