StartSSL is dead. Free certificates will no longer be issued after May 17.
It is always waiting after application.
So please use 'Let's Encrypt' free and trusted agency.
1. Make sure the server has a GIT environment installed.
2. Make sure that the PYTHON version is greater than 2.7.1 The
first step is to clone the open source scaffolding of letsencrypt from github
git clone https://github.com/letsencrypt/letsencrypt
The second step, start configuring your certificate
cd letsencrypt ./letsencrypt-auto certonly --standalone --email [email protected] -d yourdomain.com -d www.yourdomain.com
The process takes about three minutes.
If an error occurs:
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/virtualenv.py", line 2363, in <module> main() File "/usr/lib/python3/dist-packages/virtualenv.py", line 719, in main symlink=options.symlink) File "/usr/lib/python3/dist-packages/virtualenv.py", line 988, in create_environment download=download, File "/usr/lib/python3/dist-packages/virtualenv.py", line 918, in install_wheel call_subprocess(cmd, show_stdout=False, extra_env=env, stdin=SCRIPT) File "/usr/lib/python3/dist-packages/virtualenv.py", line 812, in call_subprocess % (cmd_desc, proc.returncode)) OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 2 root@iZbp1j2710orfy6c8xo5cbZ:/home/letsencrypt# OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 2
Please update virtualenv
sudo pip install --upgrade virtualenv
Just type the configuration command again and again!
Agree Yes
If you configure an email, it will require you to verify. Just follow the prompts.
After the Let's Encrypt certificate is generated, there are 4 files in the
"/etc/letsencrypt/live/yourdomain.com/" directory. cert.pem - Apache server certificate chain.pem - Apache root certificate and relay certificate fullchain .pem - ssl_certificate file required by Nginx privkey.pem - security certificate KEY file If the Nginx used is configured as follows
# SSL configuration listen 443 ssl default_server; ssl on; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; server_name www.yourdomain.com;
Let's Encrypt certificates are valid for 90 days.
When it's about
to
./letsencrypt-auto certonly --renew-by-default --email your [email protected] -d your domain name.com -d www. your domain name.com
This will complete the update and continue to use it for free.