Installing Let's Encrypt SSL Certificates On Namecheap Hosting: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
== Installing a certificate for the first time == | |||
This [https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Gist] has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap. | This [https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Gist] has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap. | ||
| Line 5: | Line 5: | ||
It references [https://github.com/diafygi/acme-nosudo this Python script] which conducts the challenge with Let's Encrypt that verifies control of the domain(s). | It references [https://github.com/diafygi/acme-nosudo this Python script] which conducts the challenge with Let's Encrypt that verifies control of the domain(s). | ||
== Renewing the certificate == | |||
<div class="alert alert-warning">Todo: figure out if there is a way to automate renewing the certificate. Right now it seems that it requires manually entering commands into a terminal.</div> | <div class="alert alert-warning">Todo: figure out if there is a way to automate renewing the certificate. Right now it seems that it requires manually entering commands into a terminal.</div> | ||
| Line 12: | Line 12: | ||
* Navigate to the directory containing Let's Encrypt keys and scripts, e.g. `~/letsencrypt/letsencrypt_nosudo/` | * Navigate to the directory containing Let's Encrypt keys and scripts, e.g. `~/letsencrypt/letsencrypt_nosudo/` | ||
* Generate a new signed certificate: | * Generate a new signed certificate: | ||
< | <syntaxhighlight lang="bash"> | ||
python sign_csr.py -f --public-key user.pub ./ | python sign_csr.py -f --public-key user.pub ./[DOMAIN]/domain.csr > ./[DOMAIN]/signed.crt | ||
</ | </syntaxhighlight> | ||
This will first prompt for an admin email address. | |||
Then it will prompt for a series of commands to be entered, which create JSON files that are used by the signing script. | |||
Then it will prompt for a file to be installed on the server for each of the subdomains included in the certificate. | |||
(Those are the three steps that would need to be automated somehow.) | |||
After verifying each of the domains, a signed certificate is created. | |||
The certificate is installed with: <ref>[https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6#gistcomment-2351618 Using uapi tool to install certificates]</ref> | |||
<syntaxhighlight lang="bash"> | |||
crt=`cat ./[DOMAIN]/signed.crt | python urlencode.py` | |||
key=`cat ./[DOMAIN]/.key | python urlencode.py` | |||
uapi SSL install_ssl domain=[MYDOMAIN.TLD] cert="$crt" key="$key" | |||
</syntaxhighlight> | |||
== See also == | |||
<references /> | |||
[[Category:SSL]][[Category:Web Hosting]][[Category:Web Development]] | [[Category:SSL]][[Category:Web Hosting]][[Category:Web Development]] | ||
Revision as of 17:32, 18 December 2018
Installing a certificate for the first time
This Gist has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap.
It references this Python script which conducts the challenge with Let's Encrypt that verifies control of the domain(s).
Renewing the certificate
Todo: figure out if there is a way to automate renewing the certificate. Right now it seems that it requires manually entering commands into a terminal.
- SSH to the server.
- Navigate to the directory containing Let's Encrypt keys and scripts, e.g.
~/letsencrypt/letsencrypt_nosudo/ - Generate a new signed certificate:
python sign_csr.py -f --public-key user.pub ./[DOMAIN]/domain.csr > ./[DOMAIN]/signed.crt
This will first prompt for an admin email address.
Then it will prompt for a series of commands to be entered, which create JSON files that are used by the signing script.
Then it will prompt for a file to be installed on the server for each of the subdomains included in the certificate.
(Those are the three steps that would need to be automated somehow.)
After verifying each of the domains, a signed certificate is created.
The certificate is installed with: [1]
crt=`cat ./[DOMAIN]/signed.crt | python urlencode.py` key=`cat ./[DOMAIN]/.key | python urlencode.py` uapi SSL install_ssl domain=[MYDOMAIN.TLD] cert="$crt" key="$key"