Questions tagged [lets-encrypt]

Let's Encrypt is a certificate authority that provides free X.509 certificates for TLS encryption.

Let's Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

A Python certificate management program called letsencrypt is installed on the client side (the web server of an enrollee). It is used to order the certificate, to conduct the domain validation process, to install the certificate, to configure HTTPS encryption in the HTTP server, and later to regularly renew the certificate.

After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled. Automatic setup initially only works with Apache and nginx.

Source: Wikipedia

822 questions
2
votes
1 answer

Let's Encrypt Expiry Bot (certificate expiration notice)

I use Let's Encrypt on Ubuntu 17.10 server with Apache HTTP server. In crontab I have: 15 3 * * * /usr/bin/certbot renew If I check expire date with: sudo certbot certificate I get report for my two certificates with expire date 2018-03-18. So…
JanezKranjski
2
votes
1 answer

What is running 'certbot renew'?

I'm using Let's Encrypt to secure an Apache installation on Ubuntu. I recently set up a deploy hook script to run on renewals, which I'm passing to certbot renew in a cron job by using the --deploy-hook option. On the first renewal since setting it…
Aron
2
votes
2 answers

Nginx HTTPS connection to port 443 refused

So I've set up LetsEncrypt on my Nginx server but cannot connect over https. If I run curl https://my.domain.com Then I get the error curl: (7) Failed to connect to my.domain.com port 443: Connection refused So for some reason my Nginx server is…
Bencc
2
votes
0 answers

Apache RedirectMatch for SSL allowing LetsEncrypt not working

I've been trying to use Apache RedirectMatch to send most requests to SSL, but still allowing the Lets Encrypt challenge to work: RedirectMatch permanent ^/(?!\.well\-known/acme\-challenge)(.*)$ https://example.com/$1 This redirects the bare…
mbrampton
2
votes
0 answers

Let's Encrypt SSL install error on apache

I'm trying to install ssl on multiple virtual hosts and domains on same IP. I am using multiple .conf files for this. Already have three working domains on this IP with SSL. But while trying to install ssl on one more domain with…
Ramesh Pareek
2
votes
0 answers

HAProxy multiple certificates error on first call

I have a load balancer running HAProxy 1.7.5-2 with the following setup: multiple https-enabled frontends each frontend binds the following (for different IPs): bind :443 ssl crt /opt/certbot/haproxy/fullchains/__fallback.pem crt…
2
votes
2 answers

how to validate dhparams in apache <=2.4.6

How can I validate that I've properly set up my Apache 2.4.6 server with a custom 2048-bit (or 4096-bit) dhparams config? Following the weakdh.org sysadmin guide, I created my own dhparams.pem file with openssl dhparam -out dhparams.pem 2048. The…
Michael Altfield
2
votes
1 answer

IIS does not expose correct Let's Encrypt certificate?

I have a couple of websites hosted on an IIS 8.5 instance. I have used letsencrypt-win-simple to generate certificates. This tool also installs the certificates into IIS. I had reports that some browsers, mainly Android phones, are not able to use…
vfsoraki
2
votes
1 answer

Let's Encrypt certbot-auto setuptools version error when run from cron

CentOS 6, certbot 0.16.0. When I run it manually as root (not by sudo) everything works. When I set up /etc/crontab to run it automatically it returns an error: Error: couldn't get currently installed version for…
2
votes
1 answer

disable ssl for mysql client apps

I have set up SSL for mysql replication. The problem is, that it makes problems on the other local apps which use mysql. Like postfix: Jul 25 23:00:22 srv1 postfix/proxymap[3141]: warning: connect to mysql server 127.0.0.1: SSL connection error:…
Thomas
2
votes
1 answer

Where is cli.ini letsencrypt config file?

Where is the cli.ini file for default letsencrypt package? From Let's Encrypt docs, it's possible to set default rsa key length in a cli.ini file, however, I cannot find this file. I want to make sure that all my certs have the same key size as I…
Jayd
2
votes
1 answer

letsencrypt certbot "Failed to find executable apache2ctl" with NGINX

Today I get error because my webserver server EXPIRED SSL OK I go into os server and run Let's Encrypt script fastly manually # /opt/letsencrypt/bin/letsencrypt-auto Upgrading certbot-auto 0.13.0 to 0.14.2... Replacing certbot-auto... Creating…
Bruno
2
votes
0 answers

Let's Encrypt: bypassing "query timed out looking up CAA..." with faulty DNS

While running certbot, the following message appears: query timed out looking up CAA for mydomain.com It appears that boulder is trying to query my DNS with a CAA record. However, my ISP's DNS does not support CAA, and the following command times…
Udi
2
votes
0 answers

OpenVPN with letsencrypt server certificate

I've set up an OpenVPN server on Debian/jessie, that uses user/password authentication (obtained via LDAP) to grant my users access to the VPN. The setup deliberately does not use client certificates. Of course, the server does have a certificate…
umläute
2
votes
0 answers

Failed to initialize component [Connector[org.apache.coyote.http11.Http11Protocol-8443]]

I'm trying to enable SSL on Tomcat (running custom domain on Ubuntu instance on Google Compute Engine). I created Let's Encrypt certificate, it created 4 files under…
ikcodez