How to create a certificate for Dummies


#1

I always have tribulations working with Linux (any distro). I just don’t understand why it’s so difficult AND convoluted. I’ve tried this endeavour for around three weeks now and just can’t hold my sh!t together any more, someone please help! Nothing I do works. No instruction or documentation I follow ends up with working results, I’m despondent. Why is it so difficult to create a LetsEncrypt cert? I thought this was supposed to be piss easy! Why is there no documentation that actually works? EACH and every thread/forum/blog post I consult gives me DIFFERENT instructions? How the hell is this possible? Steps being left out or totally ignored resulting in me troubleshooting and trawling through other Linux forums to fix something mundane before I can work on creating a certificate! Why?!!?

I’ve just now installed yet another distro, Ubuntu, and am having the exact same issues even though I’m following steps exactly. Silly things like the command “su” not working in Ubuntu (you have to use “sudo su”) just makes me want to kill myself, URGH! I have issues with almost each and every step I take. Posts instruct you to create a config file for Let’s Encrypt but fail to mention that you have to create the directory first! What, really? Why leave out this very important part?? I spent 30 minutes on a tangent before finding an obscure thread mentioning this!

Is there any good, step-by-step documentation out there, for dummies, on how to create/issue Let’s Encrypt certificates? Preferably one that does not leave out details that may cause hindrance?


#2

Rage post? yay

https://letsencrypt.org/howitworks/ works as a good step by step instruction.


#3

Here is the only official fully working documentation for the client: https://letsencrypt.readthedocs.org/en/latest/using.html

I am not sure why you even needed to create a config file at all…


#4

Rage post exactly! Apologies, I’m just getting really frustrated and getting nowhere.

Thanks for the replies but those were actually the second (from Moepl) and third (from dasp) links I have visited during this endeavour. I just can’t follow the instructions, are there even any? As a result, I’ve just been digging myself deeper into a hole and ended up on a blog instructing to create config files.

I’m assuming you need to utilise just one of the mentioned plugins in order to create a cert, right? These would be the apache, standalone, webroot, manual and nginx? Again assuming Apache is the most preferred method, this is what is detailed under this plugin…

“Apache
If you’re running Apache 2.4 on a Debian-based OS with version 1.0+ of the libaugeas0 package available, you can use the Apache plugin. This automates both obtaining and installing certs on an Apache webserver. To specify this plugin on the command line, simply include --apache.”

That’s it. That’s it? Like I said, I don’t follow these instructions, it’s very scanty at best. So for a start, is Ubuntu 14 supported? What are the full command/s you need to type in order to generate a cert for a Windows based server? “simply include --apache” include in what? What is the command, ./letsencrypt -auto? And so ./letsencrypt -auto --apache? Regardless, I just get errors when I try to run the client when entering ./letsencrypt -auto. A few videos I saw showing how to do this (again, very vague and ambiguous) show a client pop up after entering that command. I see an error “letsencrypt: error: unrecognized arguments : --uthenticator webroot” I suspect it’s some mundane fix (security permissions on the folder? ¯_(ツ)_/¯) but I’m hopeless with Linux and there are no clear, unambiguous instructions.


#5

Hey @fnanfne, I don’t know if your Ubuntu is recent enough. According to https://letsencrypt.readthedocs.org/en/latest/contributing.html#notes-on-os-dependencies you need a pretty much “bleeding edge” Debian/Ubuntu version.

Please paste a copy of your /etc/debian_version file. If it doesn’t show “sid” or “squeeze”, it may not be recent enough.


#6

Ubuntu 14.04 works fine.

The executable is called letsencrypt-auto. You’re running:

letsencrypt -auto --apache

What you want to run is:

letsencrypt-auto --apache

The purpose of the apache plugin is to both acquire a certificate from Let’s Encrypt and change your existing apache web server configuration to enable SSL and use the newly-acquired certificate. If you’re not using apache for your site, or if you’re not running this on the server you’ll end up using the certificate on, --standalone might be more appropriate. Maybe you could share more details about your use-case so we can point you in the right direction.


#7

jrv, I get a permission denied error when trying to run /etc/debian_version. Executing the more /etc/*-release gives results and indicates I’m running “Ubuntu 14.04.3 LTS”. But, can download and use the latest version if need be, thanks for the suggestion.

pfg, apologies, I made an egregious typo. I did in fact use the format you mentioned letsencrypt-auto --apache. I can’t copy and paste from the Linux console window so I’m left with typing it all out. Good eagle-eye spotting though!

Running letsencrypt-auto --apache OR letsencrypt-auto --manual results in the same error: unrecognized arguments: --uthenticator webroot

I suspect this has something to do with Webroot or var/www? Of course, I had to install this following instructions on some other blog. I entered the following two commands to install apache: sudo apt-get update AND sudo apt-get install apache2. Is there something else that needs to be done?

Thanks for reading…


#8

Could you paste the contents of your /etc/letsencrypt/cli.ini?


#9

Why isn’t it possible for LetsEncrypt to write a script file that will just be clicked on this website and executed, including the commands AND checks out the necessary environment (like Apache), rights etc.?


#10

Great suggestion k_traxler.

pfg, here are the contents of that config file…I included ----'s for clarity


Authenticator = webroot
webroot-path = var/www/html
server = https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-dev-preview
agree-tos
email = postmaster@MYDOMAIN.com

Interesting to note that I did make another typo in this file which I have now corrected when you asked me to do this. I neglected to copy over the “A” in “Authenticator” hence the error message: “unrecognized arguments: --uthenticator webroot”

This error message now correctly displays “unrecognized arguments: --Authenticator webroot” I was actually thinking this will fix it but alas, error persists!


#11

Hmmm, looks like the ----'s were omitted :confused:


#12

I could be wrong, but I’d think you’d need a leading slash on that webroot-path: /var/www/html. And it probably expects authenticator to begin with a lower-case a.
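
The behaviour discussed in posts #10 and #12, as an added example that is not part of the thread or the client's own code: it assumes each cli.ini line is handed to the argument parser as a long option, which is why a missing "A" surfaced as --uthenticator. The parser below lists only the options that appear in the posted file, and the two checks follow the suggestions in post #12.

```python
import argparse
import posixpath

# Constructed copy of the cli.ini posted in the thread (the broken "before").
POSTED_INI = """\
Authenticator = webroot
webroot-path = var/www/html
server = https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-dev-preview
agree-tos
email = postmaster@MYDOMAIN.com
"""

def ini_to_argv(text):
    """Model of config loading: 'key = value' -> ['--key', 'value'], bare 'key' -> ['--key']."""
    argv = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        argv.append("--" + key.strip())
        if sep:
            argv.append(value.strip())
    return argv

def build_parser():
    # Assumption: only the options named in the posted file; the real client has many more.
    parser = argparse.ArgumentParser(prog="letsencrypt", allow_abbrev=False)
    for opt in ("--authenticator", "--webroot-path", "--server", "--email"):
        parser.add_argument(opt)
    for flag in ("--renew-by-default", "--agree-dev-preview", "--agree-tos"):
        parser.add_argument(flag, action="store_true")
    return parser

def check_ini(text):
    """Return the problems a cli.ini body would cause, as a list of strings."""
    args, unknown = build_parser().parse_known_args(ini_to_argv(text))
    problems = []
    if unknown:  # option names are case-sensitive and must match exactly
        problems.append("unrecognized arguments: " + " ".join(unknown))
    if args.webroot_path and not posixpath.isabs(args.webroot_path):
        problems.append("webroot-path is not absolute: " + args.webroot_path)
    return problems

# The posted file with the two changes suggested in post #12 applied.
FIXED_INI = POSTED_INI.replace("Authenticator", "authenticator").replace("var/www", "/var/www")

if __name__ == "__main__":
    print(check_ini(POSTED_INI))
    print(check_ini(FIXED_INI))
```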


#13

short and simple guide: delete your cli.ini, remove your apache webserver (I assume you actually don’t use the webserver), and run: ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com


#14

If, by chance, you’re using gnome-terminal you can copy with Ctrl+Shift+C (not Ctrl+C).