Здравствуйте!
На хостинге Ру-Центра есть акция «SSL-сертификат в подарок» — можно бесплатно получить SSL-сертификат на год. Если за этот год Яндекс успел изменить главное зеркало вашего сайта на https-протокол или вы сами через 301-ый редирект попросили поисковые системы индексировать ваш сайт по https, возникает проблема — либо платить за продление сертификата, либо терять посетителей. Ни того, ни другого не хочется. Поэтому, выбор пал на бесплатный SSL-сертификат Let’s Encrypt. К тому же, ACME протокол стал стандартом RFC 8555.
Решено было пойти по прямому пути, а именно использовать certbot-auto. Для этого понадобится Linux, желательно работающий с USB-накопителя. В качестве такого был выбран Knoppix.
Скачиваем дистрибутив KNOPPIX_V8.2-2018-05-10-EN с зеркала или через torrent. Записываем на DVD диск, загружаемся с DVD диска. Теперь запускаем flash-knoppix и получаем, практически, Debian на USB.
Осталось скачать certbot-auto и можно получать SSL-сертификат. Открываем shell.
knoppix@Microknoppix:~$ wget https://dl.eff.org/certbot-auto
knoppix@Microknoppix:~$ sudo mv certbot-auto /usr/local/bin/certbot-auto
knoppix@Microknoppix:~$ sudo chown root /usr/local/bin/certbot-auto
knoppix@Microknoppix:~$ sudo chmod 0755 /usr/local/bin/certbot-auto
Запускаем certbot-auto и… (пропустить установку пакетов)
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto certonly
Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
--- пропущено обновление репозиториев ---
Reading package lists… Done
Building dependency tree
Reading state information… Done
python is already the newest version (2.7.13-2).
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
ca-certificates : Depends: openssl (>= 1.1.1) but 1.1.0j-1~deb9u1 is to be installed
python-dev : Depends: libpython-dev (= 2.7.13-2) but it is not going to be installed
Depends: python2.7-dev (>= 2.7.13-1~) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
… не тут то было. Пакеты немного не те.
Начнем с openssl.
knoppix@Microknoppix:~$ apt list -a openssl Listing… Done openssl/testing,unstable 1.1.1b-2 i386 openssl/stable,stable 1.1.0j-1~deb9u1 i386 [upgradable from: 1.1.0g-2] openssl/now 1.1.0g-2 i386 [installed,upgradable to: 1.1.0j-1~deb9u1]
Для ca-certificates нужна версия 1.1.1 или выше. Ставим openssl/testing.
knoppix@Microknoppix:~$ sudo apt install openssl/testing --- пропущено обновление репозиториев --- Reading package lists… Done Building dependency tree Reading state information… Done Selected version '1.1.1b-2' (Debian:testing, Debian:unstable [i386]) for 'openssl' Selected version '1.1.1b-2' (Debian:testing, Debian:unstable [i386]) for 'libssl1.1' because of 'openssl' Selected version '2.28-10' (Debian:testing, Debian:unstable [i386]) for 'libc6' because of 'libssl1.1' The following additional packages will be installed: libc-bin libc-dev-bin libc-l10n libc6 libc6-amd64 libc6-dev libc6-dev-amd64 libc6-dev-x32 libc6-x32 libidn2-0 libnih-dbus1 libnih1 libssl1.1 locales Suggested packages: glibc-doc The following packages will be REMOVED: libssl-dev The following packages will be upgraded: libc-bin libc-dev-bin libc-l10n libc6 libc6-amd64 libc6-dev libc6-dev-amd64 libc6-dev-x32 libc6-x32 libidn2-0 libnih-dbus1 libnih1 libssl1.1 locales openssl 15 upgraded, 0 newly installed, 1 to remove and 1946 not upgraded. Need to get 27.2 MB of archives. After this operation, 4,543 kB of additional disk space will be used. Do you want to continue? [Y/n]
Y — без вариантов. Скачивается, устанавливается. Проверяем.
knoppix@Microknoppix:~$ /usr/bin/openssl version
OpenSSL 1.1.1b 26 Feb 2019
Посмотрим, что осталось ещё. Запускаем certbot-auto.
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto certonly
--- пропущено обновление репозиториев ---
Reading package lists… Done
Building dependency tree
Reading state information… Done
python is already the newest version (2.7.13-2).
openssl is already the newest version (1.1.1b-2).
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libssl-dev : Depends: libssl1.1 (= 1.1.0j-1~deb9u1) but 1.1.1b-2 is to be installed
python-dev : Depends: libpython-dev (= 2.7.13-2) but it is not going to be installed
Depends: python2.7-dev (>= 2.7.13-1~) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
libssl-dev был удален при обновлении openssl. Установим заново.
knoppix@Microknoppix:~$ apt list -a libssl-dev Listing… Done libssl-dev/testing,unstable 1.1.1b-2 i386 libssl-dev/stable,stable 1.1.0j-1~deb9u1 i386 knoppix@Microknoppix:~$ sudo apt install libssl-dev/testing Reading package lists… Done Building dependency tree Reading state information… Done Selected version '1.1.1b-2' (Debian:testing, Debian:unstable [i386]) for 'libssl-dev' The following NEW packages will be installed: libssl-dev 0 upgraded, 1 newly installed, 0 to remove and 1946 not upgraded. Need to get 1,821 kB of archives. After this operation, 7,011 kB of additional disk space will be used. Get:1 http://ftp.de.debian.org/debian testing/main i386 libssl-dev i386 1.1.1b-2 [1,821 kB] Fetched 1,821 kB in 1s (1,295 kB/s) Selecting previously unselected package libssl-dev:i386. (Reading database … 468148 files and directories currently installed.) Preparing to unpack …/libssl-dev_1.1.1b-2_i386.deb … Unpacking libssl-dev:i386 (1.1.1b-2) … Setting up libssl-dev:i386 (1.1.1b-2) …
Установился. Разбираемся с зависимостями python-dev.
knoppix@Microknoppix:~$ apt list -a libpython-dev Listing… Done libpython-dev/testing,unstable 2.7.16-1 i386 libpython-dev/stable 2.7.13-2 i386 knoppix@Microknoppix:~$ apt list -a python2.7-dev Listing… Done python2.7-dev/testing,unstable 2.7.16-2 i386 python2.7-dev/stable,stable 2.7.13-2+deb9u3 i386 knoppix@Microknoppix:~$ sudo apt install libpython-dev/testing python2.7-dev/testing Reading package lists… Done Building dependency tree Reading state information… Done Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'libpython-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'libpython2.7-dev' because of 'libpython-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'libpython2.7-stdlib' because of 'libpython2.7-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'libpython2.7' because of 'libpython2.7-dev' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'libpython2-dev' because of 'libpython-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'python2.7-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'python2.7' because of 'python2.7-dev' Selected version '2.7.16-2' (Debian:testing, Debian:unstable [i386]) for 'python2.7-minimal' because of 'python2.7' The following additional packages will be installed: libpython2-dev libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib python2.7 python2.7-minimal Suggested packages: python2.7-doc The following NEW packages will be installed: libpython-dev libpython2-dev libpython2.7-dev python2.7-dev The following packages will be upgraded: libpython2.7 libpython2.7-minimal libpython2.7-stdlib python2.7 python2.7-minimal 5 upgraded, 4 newly installed, 0 to remove and 1941 not upgraded. Need to get 36.8 MB of archives. After this operation, 49.1 MB of additional disk space will be used. Do you want to continue? [Y/n]
Соглашаемся. Скачивается, устанавливается. Продолжаем.
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto certonly … The following packages have unmet dependencies: python-dev : Depends: libpython-dev (= 2.7.13-2) but 2.7.16-1 is to be installed E: Unable to correct problems, you have held broken packages.
python-dev зависит от libpython-dev версии 2.7.13-2, а у нас уже новее. Обновляем python-dev.
knoppix@Microknoppix:~$ sudo apt install python-dev/testing Reading package lists… Done Building dependency tree Reading state information… Done Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python-dev' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python' because of 'python-dev' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python-minimal' because of 'python' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python2-minimal' because of 'python-minimal' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'libpython-stdlib' because of 'python' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'libpython2-stdlib' because of 'libpython-stdlib' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python2' because of 'python' Selected version '2.7.16-1' (Debian:testing, Debian:unstable [i386]) for 'python2-dev' because of 'python-dev' The following additional packages will be installed: libpython-stdlib libpython2-stdlib python python-minimal python2 python2-dev python2-minimal Suggested packages: python-doc python-tk python2-doc The following NEW packages will be installed: libpython2-stdlib python-dev python2 python2-dev python2-minimal The following packages will be upgraded: libpython-stdlib python python-minimal 3 upgraded, 5 newly installed, 0 to remove and 1941 not upgraded. Need to get 171 kB of archives. After this operation, 341 kB disk space will be freed. Do you want to continue? [Y/n]
Соглашаемся. Скачивается, устанавливается. Запускаем certbot-auto.
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto … Reading package lists… Done Building dependency tree Reading state information… Done libssl-dev is already the newest version (1.1.1b-2). openssl is already the newest version (1.1.1b-2). python is already the newest version (2.7.16-1). python-dev is already the newest version (2.7.16-1). The following additional packages will be installed: binutils binutils-common binutils-i686-linux-gnu binutils-multiarch cpp cpp-8 gcc-8 gcc-8-base lib64atomic1 lib64gcc1 lib64gomp1 lib64itm1 lib64mpx2 lib64quadmath0 lib64stdc++6 libasan5 libatomic1 libbinutils libcc1-0 libgcc-8-dev libgcc1 libgomp1 libisl19 libitm1 libmpx2 libobjc4 libquadmath0 libstdc++6 libubsan1 libx32atomic1 libx32gcc1 libx32gomp1 libx32itm1 libx32quadmath0 libx32stdc++6 python3-virtualenv Suggested packages: augeas-doc binutils-doc cpp-doc gcc-8-locales flex bison gcc-doc gcc-8-multilib gcc-8-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg liblsan0-dbg libtsan0-dbg libubsan1-dbg libmpx2-dbg libquadmath0-dbg augeas-tools The following NEW packages will be installed: augeas-lenses cpp-8 gcc-8 libasan5 libaugeas0 libffi-dev libgcc-8-dev libisl19 libubsan1 python-virtualenv python3-virtualenv virtualenv The following packages will be upgraded: binutils binutils-common binutils-i686-linux-gnu binutils-multiarch ca-certificates cpp gcc gcc-8-base lib64atomic1 lib64gcc1 lib64gomp1 lib64itm1 lib64mpx2 lib64quadmath0 lib64stdc++6 libatomic1 libbinutils libcc1-0 libgcc1 libgomp1 libitm1 libmpx2 libobjc4 libquadmath0 libstdc++6 libx32atomic1 libx32gcc1 libx32gomp1 libx32itm1 libx32quadmath0 libx32stdc++6 31 upgraded, 12 newly installed, 0 to remove and 1910 not upgraded. Need to get 32.1 MB of archives. After this operation, 77.4 MB of additional disk space will be used. Do you want to continue? [Y/n]
Так, broken packages уже нет — это хорошо. Соглашаемся, ждем пока всё скачается и установится.
done. done.
Два раза done! Сейчас точно заработает!
Creating virtual environment…
Traceback (most recent call last):
File "/usr/bin/virtualenv", line 11, in
load_entry_point('virtualenv==15.1.0', 'console_scripts', 'virtualenv')()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 572, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2755, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2408, in load
return self.resolve()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2414, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/lib/python3/dist-packages/virtualenv.py", line 25, in
import distutils.sysconfig
ModuleNotFoundError: No module named 'distutils.sysconfig'
Traceback (most recent call last):
File "", line 27, in
File "", line 19, in create_venv
File "/usr/lib/python2.7/subprocess.py", line 190, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['virtualenv', '--no-site-packages', '--python', '/usr/bin/python2.7', '/opt/eff.org/certbot/venv']' returned non-zero exit status 1
Проблема с модулем distutils.sysconfig. Ищем в интернете. Находится bugreport. Нужно установить вручную.
knoppix@Microknoppix:~$ apt list -a python3-distutils Listing… Done python3-distutils/experimental 3.8.0~a3-1 all python3-distutils/unstable 3.7.3-1 all python3-distutils/testing 3.7.3~rc1-1 all knoppix@Microknoppix:~$ sudo apt install python3-distutils/testing Reading package lists… Done Building dependency tree Reading state information… Done Selected version '3.7.3~rc1-1' (Debian:testing [all]) for 'python3-distutils' Selected version '3.7.2-1' (Debian:testing [i386]) for 'python3' because of 'python3-distutils' Selected version '3.7.2-1' (Debian:testing [i386]) for 'python3-minimal' because of 'python3' Selected version '3.7.3~rc1-1' (Debian:testing [i386]) for 'python3.7-minimal' because of 'python3-minimal' Selected version '3.7.3~rc1-1' (Debian:testing [i386]) for 'libpython3.7-minimal' because of 'python3.7-minimal' Selected version '3.7.3~rc1-1' (Debian:testing [i386]) for 'python3.7' because of 'python3' Selected version '3.7.3~rc1-1' (Debian:testing [i386]) for 'libpython3.7-stdlib' because of 'python3.7' Selected version '3.7.2-1' (Debian:testing [i386]) for 'libpython3-stdlib' because of 'python3' Selected version '3.7.3~rc1-1' (Debian:testing [all]) for 'python3-lib2to3' because of 'python3-distutils' The following packages were automatically installed and are no longer required: dh-python gir1.2-harfbuzz-0.0 hplip-data icu-devtools libcairo-script-interpreter2 libfontconfig1-dev libfreetype6-dev libglib2.0-dev-bin libgraphite2-dev libharfbuzz-gobject0 libicu-dev libopenshot-audio6 libopenshot14 libpcre16-3 libpcre3-dev libpcre32-3 libpixman-1-dev libpng-dev libqt5designer5 libsane-hpaio libxcb-shm0-dev libxcomposite-dev libxcursor-dev libxft-dev libxi-dev libxinerama-dev libxkbcommon-dev libxrandr-dev libxrender-dev libxtst-dev python-apt-common python3-apt python3-debian python3-httplib2 python3-ptyprocess python3-sip python3-zmq wayland-protocols x11proto-composite-dev x11proto-record-dev x11proto-render-dev x11proto-xinerama-dev Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: gir1.2-atk-1.0 gir1.2-atspi-2.0 gir1.2-harfbuzz-0.0 hplip-data libapt-inst2.0 libapt-pkg5.0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libboost-python1.62.0 libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libfreetype6 libfreetype6-dev libglib2.0-0 libglib2.0-bin libglib2.0-dev-bin libgpgmepp6 libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz0b libicu63 libimagequant0 libpython3-stdlib libpython3.7-minimal libpython3.7-stdlib printer-driver-postscript-hp python3 python3-apt python3-brlapi python3-cairo python3-cups python3-dbus python3-gi python3-gi-cairo python3-lib2to3 python3-minimal python3-pil python3-pyatspi python3-renderpm python3-reportlab-accel python3-sip python3-smbc python3-zmq python3.7 python3.7-minimal uno-libs3 ure Suggested packages: hplip libgdk-pixbuf2.0-bin | libgdk-pixbuf2.0-dev python3-doc python3-tk python3-venv python3-apt-dbg python-apt-doc python-dbus-doc python3-dbus-dbg python-pil-doc python3-pil-dbg python3-renderpm-dbg python3.7-venv python3.7-doc Recommended packages: apt at-spi2-core freetype2-doc python3-olefile The following packages will be REMOVED: hplip libatk-bridge2.0-dev libatk1.0-dev libatspi2.0-dev libcairo2-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk-3-dev libharfbuzz-dev libpango1.0-dev libreoffice libreoffice-help-de libreoffice-help-en-us libreoffice-java-common libreoffice-l10n-de openshot openshot-qt python3-debianbts python3-openshot python3-pexpect python3-pycurl python3-pyqt5 python3-pyqt5.qtsvg python3-pyqt5.qtwebkit python3-pysimplesoap python3-reportbug python3-uno reportbug The following NEW packages will be installed: libicu63 libimagequant0 libpython3.7-minimal libpython3.7-stdlib python3-distutils python3-lib2to3 python3.7 python3.7-minimal The following packages will be upgraded: gir1.2-atk-1.0 gir1.2-atspi-2.0 gir1.2-harfbuzz-0.0 hplip-data libapt-inst2.0 libapt-pkg5.0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libboost-python1.62.0 libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libfreetype6 libfreetype6-dev libglib2.0-0 libglib2.0-bin libglib2.0-dev-bin libgpgmepp6 libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz0b libpython3-stdlib printer-driver-postscript-hp python3 python3-apt python3-brlapi python3-cairo python3-cups python3-dbus python3-gi python3-gi-cairo python3-minimal python3-pil python3-pyatspi python3-renderpm python3-reportlab-accel python3-sip python3-smbc python3-zmq uno-libs3 ure 43 upgraded, 8 newly installed, 28 to remove and 1843 not upgraded. Need to get 34.9 MB of archives. After this operation, 146 MB disk space will be freed. Do you want to continue? [Y/n]
Да… Не зря умные люди придумали Docker! Выбора нет — соглашаемся. Скачивается, устанавливается. Запускаем certbot-auto.
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto certonly Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap) … 0 upgraded, 0 newly installed, 0 to remove and 1852 not upgraded. Creating virtual environment… Installing Python packages… Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log
Заработала!
How would you like to authenticate with the ACME CA? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Apache Web Server plugin (apache) 2: Spin up a temporary webserver (standalone) 3: Place files in webroot directory (webroot) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-3] then [enter] (press 'c' to cancel):
Выбираем пункт 3.
Plugins selected: Authenticator webroot, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
Вводим свой адрес электронной почты.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel:
Читаем условия и принимаем, если согласны.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o:
Если интересно почитать новости, то можно согласиться.
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):
Вводим доменное имя для которого выпускается сертификат.
Obtaining a new certificate Performing the following challenges: http-01 challenge for domain_name Input the webroot for domain_name: (Enter 'c' to cancel):
Так, webroot на USB-накопителе нет. Отказываемся.
Cleaning up challenges Every requested domain must have a webroot when using the webroot plugin. IMPORTANT NOTES: Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
Выпуск сертификата
Запускаем certbot-auto с подтверждением в ручном режиме.
knoppix@Microknoppix:~$ sudo /usr/local/bin/certbot-auto certonly -a manual Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):
Authenticator manual — то что нужно. Вводим доменное имя.
Obtaining a new certificate Performing the following challenges: http-01 challenge for domain_name - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o:
IP не мой, а провайдера — соглашаемся.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Create a file containing just this data: Данные acme-challenge And make it available on your web server at this URL: http://domain_name/.well-known/acme-challenge/challenge_filename - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
С помощью файлового менеджера создаем папку .well-known в корневой папке сайта. В этой папке создаем папку acme-challenge и создаем файл с нужным именем и нужной строкой внутри.
Waiting for verification… Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/domain_name/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/domain_name/privkey.pem Your cert will expire on 2019-mm-dd. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Вот. Сертификат выпущен. Удаляем папку .well-known на сайте. Смотрим файлы.
knoppix@Microknoppix:~$ ls -l /etc/letsencrypt/live/domain_name lrwxrwxrwx 1 root root 36 cert.pem -> ../../archive/domain_name/cert1.pem lrwxrwxrwx 1 root root 37 chain.pem -> ../../archive/domain_name/chain1.pem lrwxrwxrwx 1 root root 41 fullchain.pem -> ../../archive/domain_name/fullchain1.pem lrwxrwxrwx 1 root root 39 privkey.pem -> ../../archive/domain_name/privkey1.pem -rw-r--r-- 1 root root 692 README
Устанавливаем сертификат на сайт. Для этого выведем текстовое представление сертификата и приватного ключа.
knoppix@Microknoppix:~$ sudo cat /etc/letsencrypt/live/domain_name/cert.pem knoppix@Microknoppix:~$ sudo cat /etc/letsencrypt/live/domain_name/privkey.pem
Промежуточный сертификат можно загрузить только в виде файла. Скопируем chain.pem в папку пользователя.
knoppix@Microknoppix:~$ sudo cp /etc/letsencrypt/live/domain_name/chain.pem . knoppix@Microknoppix:~$ sudo chown knoppix:knoppix chain.pem
Загрузим chain.pem в панель управления и нажимаем Установить.
Всё! Сертификат установлен на хостинг.
sudo apt install certbot
sudo certbot -a manual
не благодарите