Install let's encrypt certificates

hi there!

i got accepted to the let’s encrypt beta program. my question is now: how do i install these certs in yunohost?

There was already a test with Let’s Encrypt…

I’m also part of the beta program, but i can’t test till next week…

thanks. in the confirmation mail from let’s encrypt was a howto:

Quick Start

To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line: https://acme-v01.api.letsencrypt.org/directory

When running the Python client (installation directions [1]), be sure to specify the --server argument as shown below:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \
    https://acme-v01.api.letsencrypt.org/directory certonly

If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.

it worked for one domain. with the other i have an A-DNS issue. need to check this…

bye

Hi,
You can check this, I did some tests using the webroot authentication method.

https://dev.yunohost.org/issues/2

Up and running :smile:

@mr_smithers
Can you explain the instructions for the installation and backup of the certificates?
Is the process the same for the regeneration of the certificates after three months?
Is it recognized by all major browsers?

Hey @kanhu .
I did the backup via ssh.
First stop nginx

service nginx stop

Then back up the files; you can use

tar -cf cert_backup.tar /etc/yunohost/certs/domain.tld/
cp /etc/nginx/conf.d/domain.tld.conf domain.tld.backup

You replace “domain.tld” with your registered domain and you have the cert files in the archive.tar file.
“cp” puts a copy of the file into “domain.tld.backup”.

When done, use the commands you got via mail:

Quick Start

To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line:

https://acme-v01.api.letsencrypt.org/directory.

When running the Python client (installation directions 1), be sure to specify the --server argument as shown below:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \
    https://acme-v01.api.letsencrypt.org/directory certonly

If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.

At last you have two ways to use the certificate:

Start nginx again

service nginx start

…enjoy your new certificate…be aware that it’s only valid for 90 days, you should renew it before that date.
I did a test run with the same commands and it worked. But there is work in progress.

Works with chrome and firefox…
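
An added example, not part of the original posts: the backup step above written so that the archive (which contains the private key) is only readable by its owner, plus a check for the 90-day expiry mentioned in the post. The function names, the 30-day default and the `crt.pem` file name in the usage lines are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, the 30-day default
# and the crt.pem file name in the usage lines are assumptions.

# backup_certs SRC_DIR DEST_DIR
# Archives SRC_DIR (it contains the private key) into DEST_DIR with
# owner-only permissions, checks the archive lists cleanly, prints its path.
backup_certs() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    archive="$dest/cert_backup_$(date +%Y%m%d%H%M%S).tar"
    (
        umask 077    # new directory is 0700, new archive is 0600
        mkdir -p "$dest" &&
        tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    ) || return 1
    tar -tf "$archive" >/dev/null || return 1
    echo "$archive"
}

# needs_renewal CERT_FILE [DAYS]
# True (exit 0) when the certificate expires within DAYS, or cannot be read.
needs_renewal() {
    cert=$1
    days=${2:-30}
    ! openssl x509 -checkend "$((days * 86400))" -noout -in "$cert" >/dev/null 2>&1
}

# Usage, with the directory from the post above:
#   backup_certs /etc/yunohost/certs/domain.tld /root/cert-backups
#   needs_renewal /etc/yunohost/certs/domain.tld/crt.pem && echo "renew now"
```

Because `needs_renewal` also returns true when the certificate file is missing or unreadable, a scheduled job that uses it will flag a broken certificate path instead of silently skipping renewal.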

@mr_smithers Thanks
I did as you explained and it works.
Have you tested it with domains like example.damail.tld ?

@kanhu
No, only with www.domain.tld and domain.tld .
It looks like you have to apply for subdomains within the beta separately.