/

Lets Encrypt


Click here to download a handy shortcut file for the following Let's Encrypt process

If not using Let’s Encrypt, this section may be skipped.

Installing Lets Encrypt

To create our certificate and chain, we first clone the letsencrypt project repository:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

To prepare our environment and see the available options, execute the following command:

./letsencrypt-auto --help

System dependencies will be downloaded and installed; you may also see some warnings like this, which may be disregarded:

InsecurePlatformWarning
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

If Red5 Pro is running at this point, shut it down.## Installing

To create our certificate and chain, we first clone the letsencrypt project repository:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

To prepare our environment and see the available options, execute the following command:

./letsencrypt-auto --help

System dependencies will be downloaded and installed; you may also see some warnings like this, which may be disregarded:

InsecurePlatformWarning
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

If Red5 Pro is running at this point, shut it down.

Get The Certificate

To obtain a CA signed certificate from Let’s Encrypt, substitute the yourname@example.com with your email address and ssl.example.com with the fully qualified domain name for your Red5 Pro server in the command below (multiple hostnames may be supplied with additional “-d” options):

./certbot-auto certonly --standalone --email yourname@example.com --agree-tos -d ssl.example.com

Note: Let's Encrypt uses ports 80 and 443 to validate that the registered domain name is associated with the IP address of the server from which you are running this command, so make sure that inbound access for those ports is enabled when you make this call.

If the process completes successfully, you will see a message similar to this:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ssl.example.com/fullchain.pem. Your cert will
   expire on 2018-03-20. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Please note that these particular certificates expire after 90 days and must be renewed.

You can renew by running the above command again.

If the hostname is improperly configured in DNS or some other issue occurs, you may see this message:

Failed authorization procedure. ssl.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Server failure at resolver

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to yourname@example.com.
 - The following 'urn:acme:error:connection' errors were reported by
   the server:

   Domains: ssl.example.com
   Error: The server could not connect to the client to verify the
   domain
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.