From f814a77d8a1e8265bf1aa428f8dcb853ab3e56f2 Mon Sep 17 00:00:00 2001 From: Willy Sudiarto Raharjo Date: Fri, 18 Jan 2019 21:06:52 +0700 Subject: system/letsencrypt: Update README. Signed-off-by: Willy Sudiarto Raharjo --- system/letsencrypt/README.Slackware | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware index 0558cc5ba7..c74561a81e 100644 --- a/system/letsencrypt/README.Slackware +++ b/system/letsencrypt/README.Slackware @@ -1,14 +1,19 @@ PLUGINS SUPPORT -letsencrypt support five plugins to obtain/install certificates and many more to come in the future. +letsencrypt support multiple plugins to obtain/install certificates and many more to come in the future. Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline causing downtime during validation. -All domain-spesific configuration files are stored in /etc/letsencrypt/live/ +All domain-spesific configuration files are stored in /etc/letsencrypt/renewal/ Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains. Just run letsencrypt or certbot and you will see all domains are available. +VALIDATION METHODS +Letsencrypt have several validation method, but the preferred solution for now is HTTP-01 and DNS-01. +TLS-SNI-01 will be deprecated per February 13, 2019 +(https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209) + RENEWAL PROCESS Best way to automate the certificate renewal is by using cron service. Create a bash script in /etc/cron.monthly that does the following actions: @@ -16,7 +21,7 @@ Create a bash script in /etc/cron.monthly that does the following actions: RATE LIMIT Rate limit on registrations per IP is now 500 per 3 hours. -Rate limit on certificates per Domain is now 20 per 7 days. +Rate limit on certificates per Domain is now 50 per 7 days. See complete documentation here: https://letsencrypt.org/docs/rate-limits/ CONFIGURATION FILES -- cgit v1.2.3