Letsencrypt Certbot

Configuring DNS

$ host host3.mgtu.ru
host3.mgtu.ru has address 195.19.40.152

Creating the site

val@val:~$ mkdir hostN.mgtu

val@val:~$ cat hostN.mgtu/index.html
<h1>hostN.mgtu.ru</h1>
root@val:~# cat /etc/apache2/sites-available/hostN.mgtu.ru.conf
<VirtualHost *:80>
  ServerName hostN.mgtu.ru
  DocumentRoot /home/val/hostN.mgtu
  <Directory /home/val/hostN.mgtu>
    Require all granted
  </Directory>
</VirtualHost>
root@val:~# a2ensite hostN.mgtu.ru

root@val:~# apachectl -t

root@val:~# systemctl reload apache2

Requesting a certificate

ubuntu# snap install --classic certbot

debian# apt install certbot python3-certbot-apache

root@val:~# certbot certonly --manual -d hostN.mgtu.ru
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): val@bmstu.ru
...
Create a file containing just this data:

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

And make it available on your web server at this URL:

http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue
val@val:~$ mkdir -p hostN.mgtu/.well-known/acme-challenge/

val@val:~$ cat hostN.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ curl http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hostN.mgtu.ru/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/hostN.mgtu.ru/privkey.pem
...

Configuring SSL for the site

root@val:~# cat /etc/apache2/sites-available/hostN.mgtu.ru.conf
...
<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName hostN.mgtu.ru
    DocumentRoot /home/val/hostN.mgtu
    <Directory /home/val/hostN.mgtu>
      Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/hostN.mgtu.ru/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hostN.mgtu.ru/privkey.pem
  </VirtualHost>
</IfModule>
root@val:~# apachectl -t

root@val:~# systemctl reload apache2

Renewing the certificate

root@val:~# certbot certonly --manual -d hostN.mgtu.ru
Renewing an existing certificate for hostN.mgtu.ru

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

And make it available on your web server at this URL:

http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
val@val:~$ vim hostN.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ ###curl http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

root@val:~# service apache2 reload
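
The manual "create a file containing just this data" step from the request and renewal sections can be handed to certbot's `--manual-auth-hook` / `--manual-cleanup-hook`. The script below is an added example, not part of the original page: the script name `acme-hook.sh`, its `auth`/`cleanup` arguments and the `WEBROOT` default (taken from the DocumentRoot above) are assumptions, while `CERTBOT_TOKEN` and `CERTBOT_VALIDATION` are the variables certbot exports to manual hooks.

```shell
#!/bin/sh
# acme-hook.sh (hypothetical name): HTTP-01 hook for certbot --manual.
# Example invocation (script path is an assumption):
#   certbot certonly --manual --preferred-challenges http \
#     --manual-auth-hook '/usr/local/sbin/acme-hook.sh auth' \
#     --manual-cleanup-hook '/usr/local/sbin/acme-hook.sh cleanup' \
#     -d hostN.mgtu.ru
WEBROOT="${WEBROOT:-/home/val/hostN.mgtu}"

# Write the challenge file: token is the file name, validation its content.
write_challenge() {
    webroot=$1 token=$2 validation=$3
    # ACME tokens are base64url. Reject anything else so the value can
    # never leave the challenge directory (for example via "../").
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 1 ;;
    esac
    # The validation string is "<token>.<account key thumbprint>".
    case $validation in
        ''|*[!A-Za-z0-9_.-]*) echo "bad validation" >&2; return 1 ;;
    esac
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    # "Just this data": no trailing newline; readable by the Apache user.
    ( umask 022; printf '%s' "$validation" > "$dir/$token" ) || return 1
}

# Remove the challenge file once validation has finished.
remove_challenge() {
    webroot=$1 token=$2
    case $token in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    rm -f "$webroot/.well-known/acme-challenge/$token"
}

# Dispatch when certbot runs the script with "auth" or "cleanup".
case ${1:-} in
    auth)    write_challenge "$WEBROOT" "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION" ;;
    cleanup) remove_challenge "$WEBROOT" "$CERTBOT_TOKEN" ;;
esac
```

Certbot stores the hooks in the renewal configuration, so a later `certbot renew` can repeat the challenge without the interactive prompt; Apache still has to be reloaded afterwards to pick up the new certificate.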