Certbot, a Let’s Encrypt Client

I have been using Let’s Encrypt SSL/TLS certificates since they were available in open beta. Because back then there wasn’t any packaged client to obtain your certs, I went with the letsencrypt and later certbot GitHub vanilla install.

That worked very well but it was a little bit cumbersome. The benefit was primarily to be up to date with the latest version and features.

In May 2016 the letsencrypt client became “certbot

certbot vanilla install via git

Obtain a new certificate in webroot mode:

To renew, run:

To update certbot and pull in any changes just run git:

Over time, your local clone of certbot clutters with stale branches. That’s not really a problem. But if you want it tidy you might run an occasional git remote prune origin after your pull.

Today certbot is available in all major Linux distributions.
But if you want the latest and greatest it might be necessary to pick a specific repository.

Ubuntu 16.04 with the latest certbot

In Ubuntu Xenial aka 16.04 there is a PPA with up-to-date versions available. To install, run:

This package installs a very convenient cronjob which takes care of automatic cert renewal:

This cronjob reliably renews any due certificates. Awesome.

Apache IfDefine and startup with sysVinit and systemd

Defining a name for use in directives during Apache startup is an easy way to control the behavior of the webserver depending on the specifics of your environment.

This way you can have different configurations applied according to the context, facts you have or variables you set. It is possible to distinguish between production and development, detected facts, the hostname or a context string.
And you can have your Apache config stored in a git repository which is used on two or more webservers to propagate changes easily between hosts.

These are the two use cases I want to look into:

  • having several web servers (doing the same thing) but with different hardware
  • having a development machine and one or more production machine(s) with a slightly different configuration

How would you do this?
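
One way to express both splits with `<IfDefine>`, as an added example that is not from the original post. The names `DEVELOPMENT` and `BIG_HARDWARE`, the log path and the worker counts are hypothetical; the hardened settings are the default, so a host started without any `-D` flag gets the production behavior.

```apache
# Shared config, deployed unchanged to every host from one git repository.
# Hypothetical names: DEVELOPMENT, BIG_HARDWARE.
# A name is set per host at startup ("httpd -D DEVELOPMENT") or with a
# "Define DEVELOPMENT" line in a host-local file kept out of the repository.

<IfDefine !DEVELOPMENT>
    # Default (production): "!NAME" matches when the name is NOT defined,
    # so forgetting the flag never enables the relaxed settings below.
    ServerTokens Prod
    ServerSignature Off
    LogLevel warn
</IfDefine>

<IfDefine DEVELOPMENT>
    # Development only: verbose logging and a status page for local debugging.
    ServerTokens OS
    ServerSignature On
    LogLevel info
    <IfModule status_module>
        <Location "/server-status">
            SetHandler server-status
            # Reachable from the machine itself only, even on a dev host.
            Require local
        </Location>
    </IfModule>
</IfDefine>

# Same service, different hardware: size the worker pool per machine.
<IfModule mpm_event_module>
    <IfDefine BIG_HARDWARE>
        MaxRequestWorkers 400
    </IfDefine>
    <IfDefine !BIG_HARDWARE>
        MaxRequestWorkers 150
    </IfDefine>
</IfModule>
```

Running `httpd -t -D DUMP_RUN_CFG` on a host prints the names that are defined there, which is a quick check that the intended branch of the shared config is the one in effect.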
