Questions tagged [lets-encrypt]

Let's Encrypt is a certificate authority that provides free X.509 certificates for TLS encryption.

Let's Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

A Python certificate management program called letsencrypt is installed on the client side (the web server of an enrollee). This is used to order the certificate, to conduct the domain validation process, to install the certificate, to configure the HTTPS encryption in the HTTP server, and later to regularly renew the certificate.

After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled. Automatic setup initially only works with Apache and nginx.

Source: Wikipedia

822 questions
8 votes, 1 answer

Redirect everything but .well-known in NGINX (Let's Encrypt)

I want to get a certificate via the letsencrypt.sh so I have to provide a challenge on HTTP. Already I use NGINX to forward to SSL (served on a nodejs server). Now I want to still redirect everything to SSL, but not the challenge. Here is my…
Alex
8 votes, 2 answers

Wildcard SSL with LetsEncrypt gives error

I want to create wildcard SSL for my website via LetsEncrypt. I followed the instruction and after running Certbot, it gives me a DNS challenge and says: Please deploy a DNS TXT record under the name _acme-challenge.db.example.com with the…
7 votes, 2 answers

nginx "ERR_TOO_MANY_REDIRECTS" after add ssl

After I add a Let's Encrypt certificate to my website with CertBot, I get ERR_TOO_MANY_REDIRECTS when I try to visit the domain of my website. Some info: - my website is built with django, nginx and gunicorn. server { server_name www.example.com…
DAMAR225
7 votes, 1 answer

nginx https www redirect to non-www using let's encrypt certbot

Hi, this must be a basic question but I haven't seen an answer with certbot considerations (if there are any considerations). How do I get https www to redirect to non-www instead of timing out? The https www version of my site times out instead of…
duncangarde
7 votes, 1 answer

Adding a subdomain on Google Domains

I'm trying to create a TXT DNS record with name _acme-challenge.www on Google Domains to allow me to validate my DNS (i.e. via _acme-challenge.www.example.com). I've already validated the domain itself; but want to validate the www subdomain so I…
7 votes, 3 answers

NGINX redirect everything except letsencrypt to https

I have a simple config: redirect everything except letsencrypt requests to https, and then have my virtual hosts only on https. Currently all my requests are redirected to https, and then a 404 for letsencrypt. This is my config... server { …
Richard87
7 votes, 1 answer

Renew letsencrypt certificate on Apache httpd

I'm using certbot --webroot plugin and certbot renew to renew the certificate, which does work, but it looks like httpd is caching the certificate and does not "see" that it's been updated. Is there a signal for httpd to reload the…
rustyx
7 votes, 3 answers

Let's Encrypt -- "DNS ... query timed out looking up CAA for ..."

I have been using Let's Encrypt on a few domains for a couple of months now, and it generally has been working. I was going through renewing the certs, and for one of the domains I get the following error message (in the returned JSON object at…
Michael
7 votes, 3 answers

configure CouchDB with Lets Encrypt SSL certificate

What I would like to do: Now I'm using a self-signed SSL certificate which works wonderfully. But I would like to replace it with an official one from Let's Encrypt. What I have (self-signed certificate): Here is an output of the important settings…
mnewmedia
7 votes, 1 answer

Explain Certbot's HTTPS redirect configuration

Can someone explain why Certbot is using the following redirect configuration server { if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot server_name example.com; listen 80; return…
Daniel
7 votes, 1 answer

Letsencrypt for all subdomains *.example.com

I'd like to obtain one certificate working for all my subdomains *.example.com. This works: certbot-auto certonly --webroot --webroot-path /home/www/example/ --domain example.com --domain www.example.com --email…
Basj
6 votes, 1 answer

How to have apache handle .well-known/acme-challenge and still have / passed to wsgi

In order to support automatic LetsEncrypt certificate renewal, certbot uses the --apache handler, e.g. certbot renew --apache. This handler installs a temporary VirtualHost for */.well-known/acme-challenge/ on the Apache server in order to authenticate…
Jay M
6 votes, 0 answers

Error creating Letsencrypt certificate from Azure web site extension

Our web app running on Azure has the Azure Let's Encrypt 0.9.6 extension installed. Launching the extension (https://********-website-stage.scm.azurewebsites.net/letsencrypt/) is no problem and we get to fill the form with the values needed to…
GordonLiddy
6 votes, 1 answer

Why does certbot suddenly fall back to http-01 challenge instead of tls-sni-01 (https)?

I have a well-tested bash script that was running fine until a few weeks ago. It seems that certbot challenge defaults now to http instead of https. I can't figure out the reason. echo 'rsa-key-size = 2048 renew-hook = /usr/sbin/ipsec reload &&…
Houman
6 votes, 5 answers

How do I conditionally set the SSLCertificateFile when the file exists?

I am using Let's Encrypt (certonly) to generate SSL certificates for several websites hosted on an Apache server. The file location of these certificates is determined before they are created, so I am writing their paths into my virtual host…
Nathan