sudo apt install certbot
#sudo apt install python3-certbot-nginx
#sudo apt install python3-certbot-apache
#sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@mail.com -d mydomain.com
#sudo certbot-auto certonly --standalone -d mydomain.com -d www.mydomain.com
#ls /etc/letsencrypt/live/mydomain.com
#fullchain.pem
#privkey.pem
#vi /etc/nginx/sites-available/mydomain.conf
#ssl on;
#ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
--nginx: Use the nginx plugin.
--apache: Use the Apache plugin.
--agree-tos: Agree to terms of service.
--redirect: Force HTTPS by 301 redirect.
--hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
--staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
#sudo apt install python3-certbot-nginx
#sudo apt install python3-certbot-apache
#sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@mail.com -d mydomain.com
#sudo certbot-auto certonly --standalone -d mydomain.com -d www.mydomain.com
#ls /etc/letsencrypt/live/mydomain.com
#fullchain.pem
#privkey.pem
#vi /etc/nginx/sites-available/mydomain.conf
#ssl on;
#ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
--nginx: Use the nginx plugin.
--apache: Use the Apache plugin.
--agree-tos: Agree to terms of service.
--redirect: Force HTTPS by 301 redirect.
--hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
--staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
No comments:
Post a Comment