Questions tagged [lets-encrypt]

Let's Encrypt is a certificate authority that provides free X.509 certificates for TLS encryption.

Let's Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

A Python certificate management program called letsencrypt is installed on the client side (the web server of an enrollee). It is used to order the certificate, conduct the domain validation process, install the certificate, configure HTTPS encryption in the HTTP server, and later renew the certificate regularly.

After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled. Automatic setup initially only works with Apache and nginx.

Source: Wikipedia

769 questions
231 votes, 10 answers

How to use Let's Encrypt DNS challenge validation?

Let's Encrypt has announced they have: Turned on support for the ACME DNS challenge How do I make ./letsencrypt-auto generate a new certificate using DNS challenge domain validation? EDIT I mean: How do I avoid http/https port binding, by using…
Pierre Prinetti
145 votes, 12 answers

Cron job for let's encrypt renewal

Is this the correct way to set cron for renewal of Let's Encrypt cert in Apache2? I use Ubuntu 16.04. @monthly letsencrypt renew && service apache2 reload
user3448600
53 votes, 2 answers

Let's Encrypt with an nginx reverse proxy

Introduction I have a dev server (currently running Ubuntu 14.04 LTS), which I have been using for a while now for hosting various development tools on different ports. Because the ports can be hard to remember I have decided to use port 80 for…
0x450
35 votes, 5 answers

SSL & Nginx: no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

I have managed to create my certificates with LE with no errors, I have also managed to redirect my traffic from port 80 to port 443. But when I reload my nginx server I am unable to access my website. The Nginx error logs show this line: 4 no…
0xtuytuy
30 votes, 5 answers

Nginx disable .htaccess and hidden files but allow .well-known directory

I have a Nginx server, and disabled hidden files in the nginx_vhost.conf ## Disable .htaccess and other hidden files location ~ /\. { deny all; access_log off; log_not_found off; } But LetsEncrypt needs access to the…
Janghou
30 votes, 5 answers

how do I change the admin email for let's encrypt?

The email address used as the admin email when we started using let's encrypt needs to be modified (a former employee used his personal email address as the admin email and he is no longer with the firm). What steps need to be taken to get that…
ali haider
25 votes, 3 answers

Certbot letsencrypt on different port than 443

I want to set up certbot for a webserver on a different port than 443. I got the following error when running certbot --apache -d .. Failed authorization procedure. sub.domain.ext (tls-sni-01): urn:acme:error:connection :: The…
CaptainJack
21 votes, 2 answers

How can Let's Encrypt verify the identity over insecure http?

I just started using Let's Encrypt. The http-01-challenge is simple enough: Make a webserver respond to http://example.com Ask Let's Encrypt for a challenge-file Provide the file under http://example.com/.well-known/acme-challenge Receive the…
Andreas
20 votes, 6 answers

Client on Debian 9 erroneously reports expired certificate for letsencrypt-issued domain

If I try to access our HTTPS server that has certbot-issued certificate from debian 9, I get the following error: # curl -v https://hu.dbpedia.org/ * Trying 195.111.2.82... * TCP_NODELAY set * Connected to hu.dbpedia.org (195.111.2.82) port…
P.Péter
18 votes, 2 answers

Redirect all requests to HTTPS, except for one subdirectory

I'm trying to move from self-signed certificates to Let's Encrypt certificates on my nginx webserver. Currently, I redirect all requests to http/80 to https/443, which uses a self signed certificate I created a while ago. Now - from what I…
SaAtomic
17 votes, 2 answers

Why not validate self signed certificates through DNS-record instead of letsencrypt

I was just wondering. We use a lot of SSL certificates. Nowadays, we almost exclusively use letsencrypt (thanks!). The bottom line of these certificates is, that proof of ownership of the domain name(s) on the certificate comes from the power to…
17 votes, 1 answer

How to setup coturn with letsencrypt

Given this setup: A Nginx is providing a .well-known folder listening on port 80/443 on the server to exchange the challenge for Letsencrypt. The certificate is created properly and can be used e.g. in mentioned Nginx. When trying to make usage…
frlan
17 votes, 1 answer

Let's Encrypt certbot validation over HTTPS

Update: The original SNI challenge type has been disabled. There is a new more secure SNI challenge type with limited server support. SNI is not likely a suitable option for small sites. I have configured HTTP to allow /.well-known/ over HTTP and…
Daniel F
16 votes, 5 answers

Let's Encrypt SSL Certificate File Not Found Error, but still working

I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs. The problem is that when I do…
jarvis
14 votes, 1 answer

Renew domains using certbot and using DNS challenge

I created several SSL certificates for several domains using the standalone method. I am only interested in the certificates, without server integration. They are now for renewal. So, I ran: certbot -d example.com --manual --preferred-challenges dns…
Merc