Lets Encrypt
Click here to download a handy shortcut file for the following Let's Encrypt process
If not using Let’s Encrypt, this section may be skipped.
Installing Lets Encrypt
To create our certificate and chain, we first clone the letsencrypt project repository:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencryptTo prepare our environment and see the available options, execute the following command:
./letsencrypt-auto --helpSystem dependencies will be downloaded and installed; you may also see some warnings like this, which may be disregarded:
InsecurePlatformWarning
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.If Red5 Pro is running at this point, shut it down.## Installing
To create our certificate and chain, we first clone the letsencrypt project repository:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencryptTo prepare our environment and see the available options, execute the following command:
./letsencrypt-auto --helpSystem dependencies will be downloaded and installed; you may also see some warnings like this, which may be disregarded:
InsecurePlatformWarning
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.If Red5 Pro is running at this point, shut it down.
Get The Certificate
To obtain a CA signed certificate from Let’s Encrypt, substitute the yourname@example.com with your email address and ssl.example.com with the fully qualified domain name for your Red5 Pro server in the command below (multiple hostnames may be supplied with additional “-d” options):
./certbot-auto certonly --standalone --email yourname@example.com --agree-tos -d ssl.example.comNote: Let's Encrypt uses ports 80 and 443 to validate that the registered domain name is associated with the IP address of the server from which you are running this command, so make sure that inbound access for those ports is enabled when you make this call.
If the process completes successfully, you will see a message similar to this:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ssl.example.com/fullchain.pem. Your cert will
expire on 2018-03-20. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-lePlease note that these particular certificates expire after 90 days and must be renewed.
You can renew by running the above command again.
If the hostname is improperly configured in DNS or some other issue occurs, you may see this message:
Failed authorization procedure. ssl.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Server failure at resolver
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to yourname@example.com.
- The following 'urn:acme:error:connection' errors were reported by
the server:
Domains: ssl.example.com
Error: The server could not connect to the client to verify the
domain
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.