Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [lets-encrypt]

Let's Encrypt is a certificate authority that provides free X.509 certificates for TLS encryption.

Let's Encrypt is a certificate authority that entered public beta on December 3, 2015 that provides free X.509 certificates for Transport Layer Security encryption (TLS) via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

An Python certificate management program called letsencrypt gets installed on the client side (the web server of an enrollee). This is used to order the certificate, to conduct the domain validation process, to install the certificate, to configure the HTTPS encryption in the HTTP server, and later to regularly renew the certificate.

After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled. Automatic setup initially only works with Apache and nginx.

Source: Wikiepdia

822 questions
16
votes
5 answers

Let's Encrypt SSL Certificate File Not Found Error, but still working

I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs. The problem is that when I do…
jarvis
  • 2,006
  • 4
  • 18
  • 31
13
votes
1 answer

Why does my Let's Encrypt certificate contain references to Cloudflare?

I own a website that uses a Let's Encrypt certificate. It's not behind Cloudflare, it's hosted at OVH and I'm accepting direct traffic from it. Now, I set up an apache2 webserver and used certbot to automatically generate a certificate. The problem…
lolc
  • 143
  • 1
  • 7
10
votes
1 answer

A+ rating still unsecure by Google Chrome's opinion

I am provisioning my server on DigitalOcean, and although I am getting an A+ rating from ssllabs, https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz when I connect to my site, https://www.zandu.biz or https://zandu.biz, I get a unsecure notice…
The Architect
  • 229
  • 2
  • 6
10
votes
1 answer

Trying to get 100% in ssllabs.com key exchange

I wanted to know what steps are needed to get 100% on every category in ssllabs.com. I am aware that this could lead to problems in older systems, but I dont care. My letsencrypt.org certificate uses 4096 bits. This is the best score I could get…
feedc0de
  • 269
  • 1
  • 2
  • 9
10
votes
3 answers

Does order of lines matter in Nginx?

I have a server file like this server { listen 80; server_name subdomain.example.com; return 301 https://$server_name$request_uri; location /.well-known/acme-challenge { root /var/www/letsencrypt; } } Now when I try sudo letsencrypt…
Saras Arya
  • 231
  • 1
  • 4
  • 12
10
votes
1 answer

Do SSL Certs containing two wildcards work (esp. on Let's Encrypt)?

I want to include two wildcards in an SSL cert (will be) signed by Let's Encrypt: *.*.thost3.de. Will this cert match any hostnames matching that rule (e.g. example.example.thost3.de, hello.world.thost3.de), and can Let's Encrypt accept such…
Emoji
  • 201
  • 1
  • 4
9
votes
3 answers

Let's encrypt: Remove only one hostname from certificate

I have the following certificate: # certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log Found the following certs: Certificate Name: domain.example Domains: domain.example imap.domain.example mail.domain.example…
manifestor
  • 6,079
  • 7
  • 27
  • 39
9
votes
3 answers

How can I get a Let's Encrypt certificate for a non-public facing server?

I have a private Apache server, reachable only from my LAN on port 443, with a StartSSL certificate. Since Firefox 51 was released, I cannot connect to it any longer as the StartSSL root certificate was removed from the trust store. I considered…
Calimo
  • 410
  • 2
  • 6
  • 15
9
votes
1 answer

RabbitMQ with a LetsEncrypt certificate

I have been trying to install my LetsEncrypt generated certificates into my rabbitmq server but have had no luck. To test things out with out having to fight permission issues I have copied the pem files from /etc/letsencrypt/live// to my…
Brian Cain
  • 143
  • 1
  • 8
8
votes
1 answer

Use LetsEncrypt certs with Neo4j

How can one use the certificate files generated by LetsEncrypt together with a Neo4j instance? The files generated by LetsEncrypt are: cert.pem chain.pem fullchain.pem privkey.pem I've tried conversion via OpenSSL with no luck so far, using…
Michael Johansen
  • 233
  • 1
  • 2
  • 12
8
votes
2 answers

Letsencrypt - do I need to keep ".well-known" accessible for certificate renewal?

I created a certificate for my Apache 2.4 server. To validate my server letsencrypt created the folder .well-known and accessed it. Do I need to keep this folder accessible (for certificate renewal) or could I delete/block the folder?
dermoritz
  • 181
  • 7
8
votes
1 answer

Utilizing SSL on Multi-domain, Autoscaling Elastic Beanstalk Setup

We are creating a Content Management System for our company. It is important that this CMS support dynamic domain names on a dynamic number of servers. After many hours of research we felt that Amazon's Elastic Beanstalk was the way to go. One thing…
Patrick Stephan
  • 211
  • 2
  • 8
8
votes
10 answers

Using Lets Encrypt certificates with openLDAP

I've been running an openLDAP server for several months now and we use it to authenticate for a number of applications. A previous staff member set up the server and it doesn't seem to be a standard installation but it's pretty…
shaneoh
  • 414
  • 3
  • 7
  • 19
8
votes
4 answers

Lets Encrypt OpenVPN AS

I've got an OpenVPN AS running and I am trying to setup SSL certs (running ubuntu) from letsencrypt. I've managed to get my certificates from letsencrypt (using letsencrypt standalone) and I was hoping to make a symlink to the certificates in the…
Ben Flowers
  • 301
  • 1
  • 2
  • 9
8
votes
2 answers

Using Let's Encrypt inside Docker's official Wordpress container

I'm trying to get Let's Encrypt inside the official Docker Wordpress container. Setup the environment $ cat docker-compose.yml wordpress: hostname: some.fqdn.com image: wordpress links: - db:mysql ports: - 80:80 - 443:443 db: …
vpetersson
  • 861
  • 1
  • 11
  • 22
1
2
3
54 55