Prerequisites
- Ubuntu 16.4
  - apt-get install letsencrypt
- CentOS7
  - sudo yum install -y epel-release
  - sudo yum install -y certbot
Check whether the certificate exists
openssl x509 -in /etc/postfix/smtpd.cert -text
Check the validity period in the following section:
Validity
Not Before: Aug 12 16:10:52 2020 GMT
Not After : Nov 10 16:10:52 2020 GMT
Check the domains included in the multi-domain certificate in the following section:
X509v3 Subject Alternative Name:
DNS:*.amorcitocorazon.net, DNS:*.clubmanu.com.mx, DNS:*.corazondeangel.net, DNS:*.kpt.com.mx
Generating the certificate
Ubuntu
certbot-auto certonly --manual --preferred-challenges=dns --email cesar.vazquez@kpt.com.mx --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.kpt.com.mx' -d '*.amorcitocorazon.net' -d '*.corazondeangel.net' -d '*.clubmanu.com.mx'
CentOS
certbot certonly --manual --preferred-challenges=dns --email cesar.vazquez@kpt.com.mx --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.kpt.com.mx' -d '*.amorcitocorazon.net' -d '*.corazondeangel.net' -d '*.clubmanu.com.mx'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for amorcitocorazon.net
dns-01 challenge for asecomp.com.mx
dns-01 challenge for corazondeangel.net
dns-01 challenge for kpt.com.mx
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o:
Select Y.
Please deploy a DNS TXT record under the name
_acme-challenge.amorcitocorazon.net with the following value:
rGjskCYKYIPTIzCoEkoQIuCg7ykhV6r7TibCVXrgEuw
Before continuing, verify the record is deployed.
Press Enter to Continue
Please deploy a DNS TXT record under the name
_acme-challenge.asecomp.com.mx with the following value:
jPbTDcGUGQPm40vfhuOiyry51u9DpwfL_MJbzEkmEgw
Before continuing, verify the record is deployed.
Certbot will ask us to add each of these TXT records to the corresponding domain (see the following link if nsupdate is used).
Press Enter to Continue
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/kpt.com.mx/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kpt.com.mx/privkey.pem
Your cert will expire on 2020-03-29. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of your certificates, run "certbot-auto renew"
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
When the process finishes, the certificates are generated under /etc/letsencrypt/live. The certificate can be validated with the following command:
openssl x509 -in /etc/letsencrypt/live/kpt.com.mx/fullchain.pem -text
The certificate can now be used in whichever service requires it.
To renew, the same command must be run again.
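
The manual openssl checks described above (validity dates and the Subject Alternative Name list), scripted so they can be run after issuance or before a renewal. This is an added example, not part of the original page; the function names `missing_sans` and `check_cert`, the script name and the 30-day threshold in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: scripted version of the manual openssl checks on this page.

# Constructed sample: the SAN section as shown in the page's openssl output.
SAMPLE='            X509v3 Subject Alternative Name:
                DNS:*.amorcitocorazon.net, DNS:*.clubmanu.com.mx, DNS:*.corazondeangel.net, DNS:*.kpt.com.mx'

# missing_sans NAME...
# Reads `openssl x509 -text` output on stdin and prints every expected NAME
# that is not listed verbatim in the Subject Alternative Name extension.
missing_sans() {
    sans=$(grep -A1 'X509v3 Subject Alternative Name' \
        | tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p')
    for want in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# check_cert FILE DAYS NAME...
# Fails if FILE expires within DAYS days or lacks any expected NAME.
check_cert() {
    cert=$1; days=$2; shift 2
    if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
        echo "$cert expires within $days days" >&2
        return 1
    fi
    missing=$(openssl x509 -in "$cert" -noout -text | missing_sans "$@")
    if [ -n "$missing" ]; then
        echo "$cert does not cover: $missing" >&2
        return 1
    fi
}

# Usage (script name and 30-day threshold are assumptions):
#   sh check_cert.sh /etc/letsencrypt/live/kpt.com.mx/fullchain.pem 30 '*.kpt.com.mx' '*.clubmanu.com.mx'
if [ "$#" -ge 3 ]; then
    check_cert "$@"
fi
```

Names are compared verbatim, so `kpt.com.mx` is reported as missing from a certificate that only lists `*.kpt.com.mx`; a wildcard entry does not cover the bare domain.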