(05-06-2016, 03:22 AM) Me.B Wrote: In case you want SSL but still use Cloudflare:
https://support.cloudflare.com/hc/en-us/...CloudFlare
This method would also be interesting for creating SSL certificates without the need to restart Apache. The first method will require you to stop Apache and use the standalone built-in server to validate the certificate.
So in my case let's say I have a user: myuser and domain: mydomain.com. I wish to generate an SSL certificate for www.mydomain.com and mydomain.com, as SSL certificates are bound to specific URLs.
I can do that in 1 command without restarting Apache, as the Let's Encrypt client will set a file in the webroot to validate the domain and then generate the SSL certificate (so it could work here behind Cloudflare or any reverse proxy).
Code:
./letsencrypt-auto certonly --webroot --webroot-path /var/sentora/hostdata/myuser/public_html/mydomain --renew-by-default --email me@email.com --text --agree-tos -d mydomain.com -d www.mydomain.com
You can even create a shell script that would grab the vars myuser and mydomain. Note that /var/sentora/hostdata/myuser/public_html/mydomain must be the root path for your domain.
In case we want to create an SSL certificate for Sentora, all we have to do is change the root path and domain:
Code:
./letsencrypt-auto certonly --webroot --webroot-path /etc/sentora/panel --renew-by-default --email me@email.com --text --agree-tos -d panel.mydomain.com
Don't forget to restart apache after you validate/renew the certificate.
Also, to renew all certificates later, all you have to do is:
Code:
# --dry-run only tests the renewal; run without it to actually renew
./letsencrypt-auto renew --dry-run
This will work fine as long as you used the previous method, as the Let's Encrypt client will keep the old certificates' root in its DB and will try to renew them.
Also, if you no longer use a certificate, you can revoke it so it's no longer renewed:
Code:
./letsencrypt-auto revoke --cert-path /etc/letsencrypt/live/mydomain.com/cert.pem
# the renewal config is named after the certificate, here mydomain.com
rm -f /etc/letsencrypt/renewal/mydomain.com.conf
So you revoke the certificate and remove it from the renewal pool. If you want it back you can recreate it.
M B
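The shell script suggested in the post above, as an added example that is not part of the original thread: it builds the same webroot command per user and site, and rejects names that could escape the hostdata tree or be read as extra options. HOSTDATA, CLIENT, DRY_RUN and the function names are assumptions made for this example; the site directory is passed explicitly rather than derived from the domain.

```shell
#!/bin/sh
# Added example, not the poster's script. HOSTDATA, CLIENT, DRY_RUN and the
# function names are assumptions.
HOSTDATA="${HOSTDATA:-/var/sentora/hostdata}"
CLIENT="${CLIENT:-./letsencrypt-auto}"

# Plain names only: no "/", no "..", no leading "." or "-" (option injection).
valid_name() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Conservative e-mail check: safe characters only and an "@" somewhere.
valid_email() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*) return 0 ;;
    esac
    return 1
}

# Print the webroot for <user> <site-dir>, or fail on an unsafe name.
webroot_for() {
    valid_name "$1" && valid_name "$2" || return 1
    printf '%s/%s/public_html/%s\n' "$HOSTDATA" "$1" "$2"
}

# le_issue <user> <site-dir> <email> <domain>
# Requests a certificate for <domain> and www.<domain>.
# With DRY_RUN=1 the command is printed instead of executed.
le_issue() {
    root=$(webroot_for "$1" "$2") || { echo "bad user or site dir" >&2; return 1; }
    valid_email "$3" || { echo "bad email" >&2; return 1; }
    valid_name "$4" || { echo "bad domain" >&2; return 1; }
    [ -d "$root" ] || { echo "webroot not found: $root" >&2; return 1; }
    set -- "$CLIENT" certonly --webroot --webroot-path "$root" \
        --renew-by-default --email "$3" --text --agree-tos -d "$4" -d "www.$4"
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Run directly: ./issue.sh myuser mydomain me@email.com mydomain.com
if [ "$#" -eq 4 ]; then le_issue "$@"; fi
```
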
@[TGates] maybe we should update the first how-to, no?
Please note you will face issues if your web domain is not public, e.g. on an intranet, or if the URL requires authentication or uses IP authentication. In case you have IP whitelisting or a realm, all you have to do is make the .well-known/ folder in your website public; that will fix it. For an intranet, maybe using a reverse proxy will help with that.
Docs: (PDF)
https://media.readthedocs.org/pdf/letsen...ncrypt.pdf
Is your how-to Cloudflare-specific or will it work on all domains? If Cloudflare, then make another How-To but for Cloudflare.