====== Let's encrypt ======

certificate ssl

===== Installation =====

If you have SSH access, certbot is recommended: https://certbot.eff.org/

Install certbot for automatic certificate generation:
  apt-get install certbot python-certbot-nginx

Choose the certificate and certbot takes care of the rest:
  # certbot certonly --nginx
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Plugins selected: Authenticator nginx, Installer nginx
  
  Which names would you like to activate HTTPS for?
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: txt.iwanttobefreak.com
  2: api.legido.com
  3: comic.legido.com
  4: equipop.legido.com
  5: mldonkeymadrid.legido.com
  6: omc.legido.com
  7: mercadosanisidro.es
  8: www.soldaditospresovieticos.com
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate numbers separated by commas and/or spaces, or leave input
  blank to select all options shown (Enter 'c' to cancel):

===== Manual renewal =====

Document the command to renew the certificate(s)

===== Automatic renewal =====

Create a script to run from cron. Ideas: https://community.letsencrypt.org/t/how-to-automatically-renew-certificates/4393/15

===== Verification =====

https://crt.sh/?q=%25.telebit.site

====== Installation in Docker ======

Enter the Docker container running nginx:
  docker exec -ti nginx bash

Install the Let's Encrypt bot:
  apt-get install certbot python-certbot-nginx

Configure Let's Encrypt:
  certbot --nginx

A list of all the domains is shown; select ours. It then asks whether to redirect to HTTPS; it is better to say yes (option 2):
  1: No redirect - Make no further changes to the webserver configuration.
  2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
  new sites, or if you're confident your site works on HTTPS. You can undo this
  change by editing your web server's configuration.
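
For the automatic renewal section above, one possible cron script, as an added example that is not part of the original page: it runs ''certbot renew'' and then reports any certificate that is still close to expiry, which is the sign that renewal is failing. Assumptions: GNU ''date'', ''openssl'', certbot's default ''/etc/letsencrypt/live'' directory; the ''WARN_DAYS'' threshold, the function names and the script path in the crontab comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): renew from cron, then flag
# certificates that are still near expiry after the renewal attempt.
# Hypothetical crontab entry:  17 3 * * * /usr/local/sbin/le-renew.sh --cron

WARN_DAYS=${WARN_DAYS:-14}   # assumed threshold; certbot renews at <30 days left

# cert_status "<notAfter date>" [now_epoch]
# Prints "EXPIRED", "WARN <days>" or "OK <days>". Needs GNU date for -d.
cert_status() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    secs=$(( end - now ))
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$days" -lt "$WARN_DAYS" ]; then
        echo "WARN $days"
    else
        echo "OK $days"
    fi
}

# not_after FILE: the notAfter date of a PEM certificate, as openssl prints it
not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# check_all DIR: report each <DIR>/<name>/cert.pem; return 1 if any is not OK
check_all() {
    rc=0
    for pem in "$1"/*/cert.pem; do
        [ -f "$pem" ] || continue
        st=$(cert_status "$(not_after "$pem")") || st="UNREADABLE"
        echo "$pem: $st"
        case $st in OK*) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Cron entry point. Without --cron the script only defines the functions.
if [ "${1:-}" = "--cron" ]; then
    # --deploy-hook runs only when a certificate was actually renewed
    certbot renew --quiet --deploy-hook "nginx -s reload"
    check_all /etc/letsencrypt/live
fi
```

Because ''--quiet'' silences certbot on success, the only cron mail comes from a certbot error or from a certificate that ''check_all'' reports.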