summaryrefslogtreecommitdiffstats
path: root/system/letsencrypt
diff options
context:
space:
mode:
author Willy Sudiarto Raharjo2019-01-18 15:06:52 +0100
committer Willy Sudiarto Raharjo2019-01-18 15:09:58 +0100
commitf814a77d8a1e8265bf1aa428f8dcb853ab3e56f2 (patch)
treec75d0f97f08f03769e73b00c76095b0060a87ce9 /system/letsencrypt
parent35cd005073fd3061d4ce79ebba758e414d5f869d (diff)
downloadslackbuilds-f814a77d8a1e8265bf1aa428f8dcb853ab3e56f2.tar.gz
system/letsencrypt: Update README.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/letsencrypt')
-rw-r--r--system/letsencrypt/README.Slackware11
1 files changed, 8 insertions, 3 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
index 0558cc5ba7..c74561a81e 100644
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@@ -1,14 +1,19 @@
PLUGINS SUPPORT
-letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
+letsencrypt support multiple plugins to obtain/install certificates and many more to come in the future.
Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline
causing downtime during validation.
-All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+All domain-spesific configuration files are stored in /etc/letsencrypt/renewal/<DOMAIN-NAME>
Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf
Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains.
Just run letsencrypt or certbot and you will see all domains are available.
+VALIDATION METHODS
+Letsencrypt have several validation method, but the preferred solution for now is HTTP-01 and DNS-01.
+TLS-SNI-01 will be deprecated per February 13, 2019
+(https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209)
+
RENEWAL PROCESS
Best way to automate the certificate renewal is by using cron service.
Create a bash script in /etc/cron.monthly that does the following actions:
@@ -16,7 +21,7 @@ Create a bash script in /etc/cron.monthly that does the following actions:
RATE LIMIT
Rate limit on registrations per IP is now 500 per 3 hours.
-Rate limit on certificates per Domain is now 20 per 7 days.
+Rate limit on certificates per Domain is now 50 per 7 days.
See complete documentation here: https://letsencrypt.org/docs/rate-limits/
CONFIGURATION FILES