aboutsummaryrefslogtreecommitdiff
path: root/system/letsencrypt/README.Slackware
diff options
context:
space:
mode:
authorWilly Sudiarto Raharjo <willysr@slackbuilds.org>2015-12-09 15:27:01 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2015-12-09 15:29:21 +0700
commitbd51ca2b0e50a43336f224d94fc2ab859525326a (patch)
tree35d25ba045bb56c211a405d3315d313ea385d6d5 /system/letsencrypt/README.Slackware
parent69f266f1887cec23ac3ba8366956f2ac5ff889ce (diff)
system/letsencrypt: Added (Manage X.509 certificates).
Signed-Off-by: Robby Workman <rworkman@slackbuilds.org> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/letsencrypt/README.Slackware')
-rw-r--r--system/letsencrypt/README.Slackware73
1 files changed, 73 insertions, 0 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
new file mode 100644
index 000000000000..aba34175809a
--- /dev/null
+++ b/system/letsencrypt/README.Slackware
@@ -0,0 +1,73 @@
+PLUGIN SUPPORT
+letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
+However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now
+and nginx is still considered very experimental.
+
+OBTAINING CERTIFICATE USING STANDALONE PLUGIN
+Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly"
+as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin.
+
+Here's what i use to create a certificate using port 443 for domain validation
+letsencrypt certonly --webroot-path=<DOCUMENT-ROOT> --standalone-supported-challenges tls-sni-01 -d <DOMAIN-NAME> \
+--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
+
+If you want to use port 80 for domain validation, replace
+--standalone-supported-challenges tls-sni-01
+with
+--standalone-supported-challenges http-01
+
+NOTE:
+You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
+temporarily stop your exising webserver)
+All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+
+Once certificate is created, you need to enable and configure httpd-ssl.conf
+
+RENEWAL PROCESS
+Best way is to use a simple bash script that perform following actions:
+- turn off httpd service
+- give some delay (2s is enough)
+- run the above command to renew automatically
+- start httpd service
+
+RATE LIMIT
+Rate limit on registrations per IP is now 10 per 3 hours.
+Rate limit on certificates per Domain is now 5 per 7 days.
+
+CONFIGURATION FILES
+
+It is possible to specify configuration file with letsencrypt --config cli.ini (or shorter -c cli.ini).
+An example configuration file is shown below:
+
+# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Let's Encrypt with
+# "--help" to learn more about the available options.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+# email = foo@example.com
+
+# Uncomment and update to generate certificates for the specified
+# domains.
+# domains = example.com, www.example.com
+
+# Uncomment to use a text interface instead of ncurses
+# text = True
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+# authenticator = webroot
+# webroot-path = /usr/share/nginx/html
+
+By default, the following locations are searched:
+/etc/letsencrypt/cli.ini
+$XDG_CONFIG_HOME/letsencrypt/cli.ini (or ~/.config/letsencrypt/cli.ini if $XDG_CONFIG_HOME is not set).