Free SSL Certificate / Zertifikat

Let’s Encrypt
Let’s Encrypt Glossar

ZeroSSL – FREE SSL Certificate Wizard

Wie Sie ein Let’s Encrypt Zertifikat erstellen und in ein Webhosting-Produkt einbinden

Web-Server

How to Secure Apache with SSL and Let’s Encrypt in FreeBSD
NameBasedSSLVHosts
NameBasedSSLVHostsWithSNI

Mail-Server

Certbot: Let’s Encrypt TLS-Zertifikate für Mailserver (Deprecated!)

Wildcard

Generate Wildcard SSL certificate using Let’s Encrypt/Certbot
Wildcard Domain Step-By-Step
ACME v2 Production Environment & Wildcards

Weiterleitung

Weiterleitung auf HTTPS einrichten
Apache2 http zu https Umleitung
QuickTipp: Weiterleitung (redirect) von HTTP auf HTTPS via Apache oder Htaccess

Multiple SSL Certificates with One IP Address

Server Name Indication (SNI)
Using Multiple SSL Certificates in Apache with One IP Address
Apache SNI Browser Support
Multi-Domain (SAN) Certificates – Using Subject Alternative Names
Was ist Server Name Indication (SNI)?
SSL vs. TLS – Worin bestehen die Unterschiede?
SNI (Server Name Indication)

pf

pfctl cheat sheet

py36-certbot

# pkg install py36-certbot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 24 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py36-certbot: 0.35.1,1
        py36-openssl: 19.0.0
        py36-cryptography: 2.6.1
        py36-six: 1.12.0
        py36-cffi: 1.12.3
        py36-pycparser: 2.19
        py36-asn1crypto: 0.24.0
        py36-josepy: 1.2.0
        py36-acme: 0.35.1,1
        py36-requests-toolbelt: 0.8.0
        py36-requests: 2.21.0
        py36-chardet: 3.0.4_1
        py36-certifi: 2019.6.16
        py36-urllib3: 1.22,1
        py36-pysocks: 1.7.0
        py36-idna: 2.8
        py36-pytz: 2019.1,1
        py36-pyrfc3339: 1.1
        py36-zope.interface: 4.6.0
        py36-zope.component: 4.2.2
        py36-zope.event: 4.1.0
        py36-parsedatetime: 2.4_1
        py36-configobj: 5.0.6_1
        py36-configargparse: 0.14.0

Number of packages to be installed: 24

The process will require 27 MiB more space.
7 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/24] Fetching py36-certbot-0.35.1,1.txz: 100%  458 KiB 468.8kB/s    00:01
[2/24] Fetching py36-openssl-19.0.0.txz: 100%   86 KiB  87.8kB/s    00:01
[3/24] Fetching py36-cryptography-2.6.1.txz: 100%  326 KiB 334.0kB/s    00:01
[4/24] Fetching py36-six-1.12.0.txz: 100%   19 KiB  18.9kB/s    00:01
[5/24] Fetching py36-cffi-1.12.3.txz: 100%  200 KiB 205.0kB/s    00:01
[6/24] Fetching py36-pycparser-2.19.txz: 100%  164 KiB 167.6kB/s    00:01
[7/24] Fetching py36-asn1crypto-0.24.0.txz: 100%  156 KiB 159.3kB/s    00:01
[8/24] Fetching py36-josepy-1.2.0.txz: 100%   73 KiB  75.3kB/s    00:01
[9/24] Fetching py36-acme-0.35.1,1.txz: 100%  125 KiB 128.2kB/s    00:01
[10/24] Fetching py36-requests-toolbelt-0.8.0.txz: 100%    4 MiB   1.6MB/s    00:03
[11/24] Fetching py36-requests-2.21.0.txz: 100%   82 KiB  84.4kB/s    00:01
[12/24] Fetching py36-chardet-3.0.4_1.txz: 100%  154 KiB 157.9kB/s    00:01
[13/24] Fetching py36-certifi-2019.6.16.txz: 100%  145 KiB 148.0kB/s    00:01
[14/24] Fetching py36-urllib3-1.22,1.txz: 100%  157 KiB 161.1kB/s    00:01
[15/24] Fetching py36-pysocks-1.7.0.txz: 100%   23 KiB  23.8kB/s    00:01
[16/24] Fetching py36-idna-2.8.txz: 100%   76 KiB  78.2kB/s    00:01
[17/24] Fetching py36-pytz-2019.1,1.txz: 100%  157 KiB 160.4kB/s    00:01
[18/24] Fetching py36-pyrfc3339-1.1.txz: 100%    8 KiB   8.1kB/s    00:01
[19/24] Fetching py36-zope.interface-4.6.0.txz: 100%  190 KiB 194.7kB/s    00:01
[20/24] Fetching py36-zope.component-4.2.2.txz: 100%   91 KiB  93.4kB/s    00:01
[21/24] Fetching py36-zope.event-4.1.0.txz: 100%    8 KiB   7.8kB/s    00:01
[22/24] Fetching py36-parsedatetime-2.4_1.txz: 100%   57 KiB  58.3kB/s    00:01
[23/24] Fetching py36-configobj-5.0.6_1.txz: 100%   51 KiB  52.1kB/s    00:01
[24/24] Fetching py36-configargparse-0.14.0.txz: 100%   24 KiB  24.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/24] Installing py36-pycparser-2.19...
[1/24] Extracting py36-pycparser-2.19: 100%
[2/24] Installing py36-six-1.12.0...
[2/24] Extracting py36-six-1.12.0: 100%
[3/24] Installing py36-cffi-1.12.3...
[3/24] Extracting py36-cffi-1.12.3: 100%
[4/24] Installing py36-asn1crypto-0.24.0...
[4/24] Extracting py36-asn1crypto-0.24.0: 100%
[5/24] Installing py36-cryptography-2.6.1...
[5/24] Extracting py36-cryptography-2.6.1: 100%
[6/24] Installing py36-openssl-19.0.0...
[6/24] Extracting py36-openssl-19.0.0: 100%
[7/24] Installing py36-pysocks-1.7.0...
[7/24] Extracting py36-pysocks-1.7.0: 100%
[8/24] Installing py36-idna-2.8...
[8/24] Extracting py36-idna-2.8: 100%
[9/24] Installing py36-chardet-3.0.4_1...
[9/24] Extracting py36-chardet-3.0.4_1: 100%
[10/24] Installing py36-certifi-2019.6.16...
[10/24] Extracting py36-certifi-2019.6.16: 100%
[11/24] Installing py36-urllib3-1.22,1...
[11/24] Extracting py36-urllib3-1.22,1: 100%
[12/24] Installing py36-requests-2.21.0...
[12/24] Extracting py36-requests-2.21.0: 100%
[13/24] Installing py36-pytz-2019.1,1...
[13/24] Extracting py36-pytz-2019.1,1: 100%
[14/24] Installing py36-josepy-1.2.0...
[14/24] Extracting py36-josepy-1.2.0: 100%
[15/24] Installing py36-requests-toolbelt-0.8.0...
[15/24] Extracting py36-requests-toolbelt-0.8.0: 100%
[16/24] Installing py36-pyrfc3339-1.1...
[16/24] Extracting py36-pyrfc3339-1.1: 100%
[17/24] Installing py36-zope.interface-4.6.0...
[17/24] Extracting py36-zope.interface-4.6.0: 100%
[18/24] Installing py36-zope.event-4.1.0...
[18/24] Extracting py36-zope.event-4.1.0: 100%
[19/24] Installing py36-acme-0.35.1,1...
[19/24] Extracting py36-acme-0.35.1,1: 100%
[20/24] Installing py36-zope.component-4.2.2...
[20/24] Extracting py36-zope.component-4.2.2: 100%
[21/24] Installing py36-parsedatetime-2.4_1...
[21/24] Extracting py36-parsedatetime-2.4_1: 100%
[22/24] Installing py36-configobj-5.0.6_1...
[22/24] Extracting py36-configobj-5.0.6_1: 100%
[23/24] Installing py36-configargparse-0.14.0...
[23/24] Extracting py36-configargparse-0.14.0: 100%
[24/24] Installing py36-certbot-0.35.1,1...
[24/24] Extracting py36-certbot-0.35.1,1: 100%

Message from py36-urllib3-1.22,1:
Be careful, support of IPv6 is broken with PySocks 1.5.7.

Message from py36-certbot-0.35.1,1:
===========================================================================

This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

===========================================================================
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ns3.te-clan.ch
    Domains: ns3.te-clan.ch
    Expiry Date: 2019-11-17 07:43:26+00:00 (VALID: 89 days)
    Certificate Path: /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
    Private Key Path: /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# certbot certonly --standalone -d XXX
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): XXX

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Challenge failed for domain ns3.te-clan.ch
http-01 challenge for ns3.te-clan.ch
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ns3.te-clan.ch
   Type:   connection
   Detail: dns :: DNS problem: NXDOMAIN looking up A for
   ns3.te-clan.ch

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /usr/local/etc/letsencrypt. You should
   make a secure backup of this folder now. This configuration
   directory will also contain certificates and private keys obtained
   by Certbot so making regular backups of this folder is ideal.

# ping ns3.te-clan.ch
ping: cannot resolve ns3.te-clan.ch: Unknown host

### DNS CONFIG ###

# ping ns3.te-clan.ch
PING ns3.te-clan.ch (185.72.247.169): 56 data bytes
64 bytes from 185.72.247.169: icmp_seq=0 ttl=64 time=0.162 ms
64 bytes from 185.72.247.169: icmp_seq=1 ttl=64 time=0.159 ms

# certbot certonly --standalone -d ns3.te-clan.ch
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/privkey.pem
   Your cert will expire on 2019-11-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
# service apache24 stop
Stopping apache24.
Waiting for PIDS: 46220.

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/ns3.te-clan.ch.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ns3.te-clan.ch
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/ns3.te-clan.ch/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Leave a Reply

Your email address will not be published. Required fields are marked *