diff options
author | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2019-01-18 21:06:52 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2019-01-18 21:09:58 +0700 |
commit | f814a77d8a1e8265bf1aa428f8dcb853ab3e56f2 (patch) | |
tree | c75d0f97f08f03769e73b00c76095b0060a87ce9 /system/letsencrypt | |
parent | 35cd005073fd3061d4ce79ebba758e414d5f869d (diff) |
system/letsencrypt: Update README.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/letsencrypt')
-rw-r--r-- | system/letsencrypt/README.Slackware | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware index 0558cc5ba75a9..c74561a81ed75 100644 --- a/system/letsencrypt/README.Slackware +++ b/system/letsencrypt/README.Slackware @@ -1,14 +1,19 @@ PLUGINS SUPPORT -letsencrypt support five plugins to obtain/install certificates and many more to come in the future. +letsencrypt support multiple plugins to obtain/install certificates and many more to come in the future. Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline causing downtime during validation. -All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME> +All domain-spesific configuration files are stored in /etc/letsencrypt/renewal/<DOMAIN-NAME> Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains. Just run letsencrypt or certbot and you will see all domains are available. +VALIDATION METHODS +Letsencrypt have several validation method, but the preferred solution for now is HTTP-01 and DNS-01. +TLS-SNI-01 will be deprecated per February 13, 2019 +(https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209) + RENEWAL PROCESS Best way to automate the certificate renewal is by using cron service. Create a bash script in /etc/cron.monthly that does the following actions: @@ -16,7 +21,7 @@ Create a bash script in /etc/cron.monthly that does the following actions: RATE LIMIT Rate limit on registrations per IP is now 500 per 3 hours. -Rate limit on certificates per Domain is now 20 per 7 days. +Rate limit on certificates per Domain is now 50 per 7 days. See complete documentation here: https://letsencrypt.org/docs/rate-limits/ CONFIGURATION FILES |