See https://letsencrypt.readthedocs.org/en/latest/using.html#letsencrypt-auto
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
Make sure you allow access anywhere inbound and outbound.
sudo /home/ubuntu/.local/share/letsencrypt/bin/letsencrypt certonly --standalone-supported-challenges http-01 -d mysite.com -d www.mysite.com
It will check if you own the domain. Make sure you have correct CNAME records for your domains.
Output:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/mysite.com/fullchain.pem. Your cert
will expire on 2016-XX-XX. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Combine the pem files and copy them to /etc/haproxy:
sudo cat /etc/letsencrypt/live/mysite.com/privkey.pem /etc/letsencrypt/live/mysite.com/fullchain.pem > certificate.pem
sudo cp certificate.pem /etc/haproxy/certificate.pem
No comments:
Post a Comment