## Install a signed SSL certificate

**Enable backports**

```sh
sudo nano /etc/apt/sources.list
```

-> Add: `deb http://ftp.debian.org/debian jessie-backports main`

**Update package sources**

```sh
sudo apt update
```

**Repair keys**

*Only necessary if an error message appears*

See [Importing public keys of old packages (backports)](https://cdng.ddns.net/gitea/julian/raspberry-pi/src/master/oeffentliche-schluessel-importieren.md)

**Install Certbot**

```sh
sudo apt install -t jessie-backports certbot -y
```

**Stop nginx**

```sh
sudo /etc/init.d/nginx stop
```

**Run Certbot**

```sh
sudo certbot certonly
```

(Option 2: Automatically use a temporary webserver, enter the dynamic DNS address)

**Start nginx again**

```sh
sudo /etc/init.d/nginx start
```

**Edit the nginx config**

```sh
sudo nano /etc/nginx/sites-available/default
```

-> Change:

```nginx
…
server {
    ssl_certificate /etc/letsencrypt/live/domain.xx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.xx/privkey.pem;
    …
}
```

**Renew the certificate**

*Certificates expire every 90 days*

```sh
sudo crontab -e
```

-> Insert there:

```sh
0 5 */20 * * certbot renew --quiet --pre-hook "/etc/init.d/nginx stop" --post-hook "/etc/init.d/nginx start"
```
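
A check that the renewal cron job above is actually working, as an added example that is not part of the original page: `certbot renew` by default only renews certificates with fewer than 30 days left, and `*/20` in the day-of-month field fires on the 1st and 21st, so a healthy certificate should never drop below roughly 10 days of validity. The function names, the 10-day threshold and the reliance on GNU `date -d` are assumptions of this example; `domain.xx` is the page's placeholder.

```sh
#!/bin/sh
# Added example (not from the original page): detect a failed renewal.
# Assumes openssl and GNU date (date -d), as on Debian/Raspbian.

# Path from the page's nginx config; domain.xx is the page's placeholder.
CERT_DEFAULT=/etc/letsencrypt/live/domain.xx/fullchain.pem
# Assumption: below 10 days left means at least one cron renewal run failed.
MIN_DAYS_DEFAULT=10

# cert_days_left FILE: print whole days until the certificate's notAfter date.
cert_days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 2
    end_s=$(date -u -d "${end#notAfter=}" +%s) || return 2
    now_s=$(date -u +%s)
    echo $(( (end_s - now_s) / 86400 ))
}

# check_cert FILE MIN_DAYS: return 0 if fine, 1 if expiring soon, 2 if unreadable.
check_cert() {
    left=$(cert_days_left "$1") || { echo "ERROR: cannot read $1" >&2; return 2; }
    if [ "$left" -lt "$2" ]; then
        echo "WARNING: $1 expires in $left days, renewal is not working" >&2
        return 1
    fi
    echo "OK: $1 is valid for $left more days"
}

# Run only when called with "check", e.g. from a daily root cron job:
#   sh cert-check.sh check [FILE] [MIN_DAYS]
if [ "${1:-}" = "check" ]; then
    check_cert "${2:-$CERT_DEFAULT}" "${3:-$MIN_DAYS_DEFAULT}"
fi
```

Because the script only writes to stderr on failure, running it from root's crontab with stdout discarded makes cron mail the warning only when the renewal job has stopped working.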