In this article I will tell about features of Let's Encrypt about which you should not forget, and about how to use it if your server works under control of the Plesk panel.
The Let's Encrypt project has a number of features:
- The certificate is written out for 90 days — it is impossible to forget about updating. If to do it by hands, then the chance to forget to update in time is big.
- The console client by default tries to configure Apache configuration, at the same time there is a chance that something will go not so.
- Support of nginx experimental.
- Installation of the client will demand existence of tools of the developer on the server (autotool, gcc) to collect dependences: cryptography, psutil, pure python, cffi. What, in general, is not recommended on the fighting server.
If the server works under control of a control bar with Plesk hosting, then you can not worry about these problems. We collected dependent packets for the majority of the supported Plesk'om of Axes, and also wrote the Let's Encrypt expansion for Plesk’a. It consists of 2 parts:
- the backend is an official console client with a plug-in for work with Plesk. The plug-in uses Plesk API for validation and installation of certificates.
- expansion which provides the user interface and updates the written-out certificates according to the schedule.
Let's try all this in business. We take Plesk and we set Let's Encrypt through the directory of expansions:
In installation process shell a script which will configure a repository is started, will set missing packets, will make virtualenv and the console client with a plug-in for Plesk will put in it.
On the screen of expansion we select the website and we put the certificate:
For those who already used the console client the form will remind dialog of an interactive mode. In the message on successful installation of the certificate the reference is had. We pass on it:
In an address bar the name of the protocol (HTTPS) is illuminated in the green color, that is connection with the website goes on the encoded channel and the browser trusts the certificate.
We calibrate whether the task of updating of certificates appeared in the schedule (Tools &Settings-;> Scheduled Tasks):
It was mentioned above that period of validity of the certificate of 90 days, after it it is necessary to update. The Let's Encrypt developers recommend to update certificates more often. In Plesk’e by default the certificate will be updated every month.
I will sum up the result:
- for several clicks and 1 minute of time free of charge received the certificate;
- all operations were done in the Plesk panel, it was not necessary to look in the console;
- the certificate works both at Apache, and at nginx.
Expansion is supported for modern Linux-distribution kits which are supported by Plesk.
The website devblog.plesk.com which flickers on screenshots is a blog about Plesk'e which works at the server under control of Plesk, and the certificate is written out by expansion that is described above. We try to follow the principle of "eat your own dog food" to use an own product.
Write all questions in comments, we will be glad to answer.
This article is a translation of the original post at habrahabr.ru/post/273827/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: firstname.lastname@example.org.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.