User Tools

Site Tools


plugins:letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
plugins:letsencrypt [2016/11/23 16:29]
nuxwin [Let's Encrypt Rate Limits]
plugins:letsencrypt [2017/09/14 00:39]
nuxwin
Line 1: Line 1:
-====== LetsEncrypt Plugin ====== 
- 
 <WRAP center round important 60%> <WRAP center round important 60%>
-**Be aware that this documentation is always referring ​to the latest LetsEncrypt ​plugin ​version.**+**Bear in mind that this documentation is for the last released version. If you use an older version, you must refer to the README.md file inside the plugin ​archive.**
 </​WRAP>​ </​WRAP>​
  
-===== Introduction ===== +<​markdown>​ 
-This plugin ​provides free SSL certificates through the Let's Encrypt CA.+# i-MSCP LetsEncrypt ​plugin
  
-===== Requirements =====+Provides free SSL certificates through the Let's Encrypt CA.
  
-  * i-MSCP Serie 1.3.x (version >= 1.3.1 - Plugin API 1.0.5)+## Requirements
  
-==== Debian / Ubuntu packages ====+- i-MSCP Serie ≥ 1.4.x
  
-  * libarray-diff-perl +## Installation
-  * libconvert-asn1-perl +
-  * libdatetime-format-strptime-perl+
  
-You can install these packages by executing ​the following commands:+1. Be sure that all requirements as stated in the requirements section are met 
 +2. Upload the plugin through the plugin management interface 
 +3. Edit the plugin configuration file according your needs 
 +4. Install the plugin through the plugin management interface
  
-    # apt-get update +Note that the plugin installation can take up several minutes.
-    # apt-get install -y libarray-diff-perl libconvert-asn1-perl libdatetime-format-strptime-perl+
  
-===== Installation ===== +## Update
-  - Be sure that all requirements as stated in the requirements section are met +
-  - Upload the plugin through the plugin management interface +
-  - Install the plugin through the plugin management interface+
  
-Note that depending on your network connection and processor capacity, ​the installation can take up several minutes.+1. Be sure that all requirements as stated in the requirements section are met 
 +2Backup your plugin configuration file if needed 
 +3. Upload the plugin through the plugin management interface
  
-===== Update =====+Note that the plugin update can take up several minutes.
  
-  - Be sure to read the update notes in the UPDATE.md ​file +### Restore you plugin configuration ​file if needed
-  - Be sure that all requirements as stated in the requirements section are met +
-  - Upload the plugin through the plugin management interface +
-  - Update the plugin list through the plugin management interface+
  
-===== Plugin deactivation/​uninstallation =====+1. Restore your plugin configuration file (compare it with the new version first) 
 +2. Update the plugin list through the plugin management interface
  
-When deactivating,​ or when uninstalling the plugin, the existents SSL certificate lineages are not removed. Also the database entries that belong to customer SSL certificates are keep in place. This means that any SSL certificate already issued will still be usable by the customer, even if the plugin has been deactivated or uninstalled.+## Plugin deactivation/​uninstallation
  
-According to the previous sentenceIt must be noted that the current actions for SSL certificates that are displayed in the interfaceat customer and administrator levels, do not predict ​the action ​that will actually take place. ​The real action to be performed ​will be automagically determined ​by the plugin at run time (backend side), by checking the state of the SSL certificate. In other words, the plugin is smart enough to not perform new SSL certificate issuance or renewal when that is not necessary.+When deactivating or uninstalling ​the plugin, the existents ​SSL certificate 
 +lineages ​are not removed. Also, the database entries ​that belong to customer 
 +SSL certificates are keep in place. ​This means that any SSL certificate 
 +already issued ​will still be usable ​by the customer.
  
-===== Manual execution of the certbot client =====+According to the previous sentence, It must be noted that the current actions 
 +for SSL certificates that are displayed in the interface, at customer and 
 +administrator levels, do not predict the action that will actually take place.
  
-You should avoid execute ​the Certbot client manuallyor even through your own scripts, without knowing what your are doingIf you really want execute the `Certbot` client manuallyyou should at least reuse the email that is used by this plugin. You can find the email address in the /​etc/​imscp/​imscp.conf file (DEFAULT_ADMIN_ADDRESS parameter).+The real action to be performed will be automagically determined by the plugin 
 +at run timeby checking the state of the SSL certificateIn other words, the 
 +plugin is smart enough to not perform new SSL certificate issuance or renewal 
 +when that is not necessary.
  
-Be aware that not support will be given if following a manual invocation ​of the Certbot client, one or many of your SSL lineages are in inconsistent states.+## Manual execution ​of the Certbot client
  
-===== Certbot client ​version =====+You should avoid execute the `Certbotclient ​manually, or even through your 
 +own scripts, without knowing what your are doing. If you really want execute 
 +the `Certbot` client manually, you should at least reuse the email that is used 
 +by this plugin. You can find the email address in the `/​etc/​imscp/​imscp.conf` 
 +file (DEFAULT_ADMIN_ADDRESS parameter).
  
-It is possible to use latest released version or development version ​of the Certbot client ​by changing the value of the **certbot_version** configuration parameter in the plugin configuration file. Be aware that usage of the development version is discouraged ​in production environments.+Be aware that not support will be given if following a manual invocation ​of the 
 +Certbot client, one or many of your SSL certificate lineages are in 
 +inconsistent states.
  
-===== Let's Encrypt registration =====+## Certbot client version
  
-The plugin automatically process your Let's Encrypt account registration,​ using the administrator email address that you have provided during i-MSCP setup phaseIf you need change ​that email, you must not forget to run the following command to update your Let's Encrypt account:+It is possible to use latest released version or development version of the 
 +Certbot client by changing the value of the `certbot_version` configuration 
 +parameter in the plugin configuration fileBe aware that usage of the 
 +development version is discouraged in production environments.
  
-    ​certbot-auto register --update-registration ​--email <​new_email>​+## Let's Encrypt ​registration
  
-where **<​new_email>​** is your new email address.+The plugin automatically process ​your Let's Encrypt account registration,​ using 
 +the administrator ​email address ​that you have provided during i-MSCP setup 
 +phaseIf you need change that email after while, you must not forget to run 
 +the following command to update your Let's Encrypt account:
  
-If you don't do so, a new account will be created using the new email address and there will be inconsistencies with SSL certificate lineages, making the plugin unable to work properly.+``` 
 +certbot register --update-registration --email <​new_email>​ 
 +```
  
-===== Let's Encrypt Rate Limits =====+where `<​new_email>​` is your new email address.
  
-Be sure to read https://​letsencrypt.org/​docs/​rate-limits+If you don't do so, a new account will be created using the new email address 
 +and there will be inconsistencies with SSL certificate lineages, making the 
 +plugin unable ​to work properly.
  
-Note that when the Let's Encrypt ​limits are reached, the plugin will automatically set the status of the SSL certificate to **pending**. The pending tasks are postponed as long as the limits are not released.+## Let's Encrypt ​Rate Limits
  
-===== Let's Encrypt SSL certificates for the control panel and services (FTP, IMAP/POP and SMTP) =====+Be sure to read https://​letsencrypt.org/​docs/​rate-limits
  
-To enable ​Let's Encrypt ​for the control panel and/or services you must in order:+Note that when the Let's Encrypt ​limits are reached, the plugin will 
 +automatically set the status of the SSL certificate to `pending`. 
 +The pending tasks are postponed as long as the limits are not released.
  
-  - Enable SSL on i-MSCP side for the control panel and/or services, by choosing the `self-signed` SSL certificate option +## Let's Encrypt ​SSL certificates ​for the control panel and services (FTP, IMAP/POP and SMTP)
-  - Connect as administrator to the control panel +
-  - Activate ​Let's Encrypt for the control panel and/or services through the administrator'​s Let's Encrypt interface.+
  
-The link for accessing the administrator'​s ​Let's Encrypt ​interface is available ​in the system tools page.+To enable ​Let's Encrypt ​for the control panel and/or services you must in 
 +order:
  
-Note that it is important to not disable this plugin when updating or reconfiguring ​i-MSCP ​because there is an event listener that replace ​the default SSL certificates ​by the Let's Encrypt ​SSL certificates. If the LetsEncrypt plugin is disabled, the event listener won't be registered ​and so, the SSL certificates won't be replaced.+- Enable SSL on i-MSCP ​side for the control panel and/or services, ​by choosing 
 +  ​the `self-signed` SSL certificate option 
 +- Connect as administrator to the control panel 
 +- Activate ​Let's Encrypt ​for the control panel and/or services through ​the 
 +  administrator's Let's Encrypt interface.
  
-Be aware that this feature ​is still experimental.+The link for accessing the administrator'​s Let's Encrypt interface ​is available 
 +in the `System tools` section.
  
-==== Regarding SSL certificate ​for the control panel ====+### Note for PanelRedirect plugin users
  
-Note that after enabling Let's Encrypt for the control panel, you may have to close and re-open your browserIndeedin some cases, the newly created SSL certificate is not loaded after a simple page refresh.+If you use the `PanelRedirect` plugin, you must ensure that you have a version 
 +greater or equal to `1.1.5`else, the domain validations will fail.
  
-===== Note for PanelRedirect plugin users =====+## SANs for alternative URLs
  
-If you use the `PanelRedirect` plugin, you must ensure that you have a version greater or equal to `1.1.5`, else, the domain validations will fail. +You can enable support for alternative URLs by setting the `include_altnames` 
- +configuration parameter to `true` in the plugin configuration file. Once done, 
-===== SANs for alternative URLs ===== +don't forget to trigger a plugin list update.
- +
-You can enable support for alternative URLs by setting the `include_altnames` configuration parameter to`true` in the plugin configuration file. Once done, don't forget to trigger a plugin list update.+
  
 Be aware that this parameters acts only for new SSL certificate issuances. Be aware that this parameters acts only for new SSL certificate issuances.
  
-==== Warning regarding this feature ​====+### Warning regarding this feature
  
-Due to the current Let's Encrypt rate limits, it is not recommended to enable this feature. Indeed, each SSL certificate issuance for which a SAN is added for an alternative URL will hits the `Certificate per Registered Domain` limit (20 per week) for the control panel domain. This explain why this feature is turned off by default.+Due to the current Let's Encrypt rate limits, it is not recommended to enable 
 +this feature. Indeed, each SSL certificate issuance for which a SAN is added 
 +for an alternative URL will possibly ​hits the `Certificate per Registered 
 +Domain` limit (20 per week) for the control panel domain. This explain why this 
 +feature is turned off by default.
  
-Note that alternative URLs as provided by i-MSCP are meant to allow the customers to access their domains for DNS propagation time. These URLs should not be exposed publicly.+Note that alternative URLs as provided by i-MSCP are meant to allow the 
 +customers to access their domains for DNS propagation time. These URLs should 
 +not be exposed publicly.
  
-===== Plugin translation ​=====+## Plugin translation
  
-You can translate this plugin using a gettext translation editor such as poedit. Translation files are located under the ./l10n directory, inside of this plugin archive. Once translated you can send us your translation file (po file) for integration in future release.+You can translate this plugin using a gettext translation editor such as 
 +`Poedit`. Translation files are located under the `./l10ndirectory, inside of 
 +the plugin archive. Once translated you can send us your translation file (po 
 +file) for integration in future release.
  
-Note that if no translation file exists for your localization in the ./l10n/po directory, you must create it first from the l10n/​LetsEncrypt.pot file. Be aware that your file must be UTF-8, else, it won't be accepted.+Note that if no translation file exists for your localization in the 
 +`./l10n/podirectory, you must create it first from the `l10n/​LetsEncrypt.pot
 +file. Be aware that your file must be `UTF-8`, else, it won't be accepted.
  
-===== License ​=====+## License
  
     i-MSCP LetsEncrypt plugin     i-MSCP LetsEncrypt plugin
-    ​+
     @author Laurent Declercq <​l.declercq@nuxwin.com>​     @author Laurent Declercq <​l.declercq@nuxwin.com>​
-    ​@author Ninos Ego <​me@ninosego.de>​ +    @copyright (C) 2016-2017 Laurent Declercq <​l.declercq@nuxwin.com>​
-    ​@copyright (C) 2016 Laurent Declercq <​l.declercq@nuxwin.com+
-    @copyright (C) 2016 Ninos Ego <​me@ninosego.de>+
     @license i-MSCP License <​https://​www.i-mscp.net/​license-agreement.html>​     @license i-MSCP License <​https://​www.i-mscp.net/​license-agreement.html>​
  
 See the LICENSE file inside the archive for further details. See the LICENSE file inside the archive for further details.
  
-===== Sponsors ​=====+## Sponsors
  
 The development of this plugin has been sponsored by: The development of this plugin has been sponsored by:
  
-[IP-Projects GmbH & Co. KG](https://​www.ip-projects.de/​ "​IP-Projects GmbH & Co. KG") + ​- ​[IP-Projects GmbH & Co. KG](https://​www.ip-projects.de/​ "​IP-Projects GmbH & Co. KG")
- +
-===== Authors =====+
  
-  * Laurent Declercq ​<l.declercq@nuxwin.com>​ +</markdown>
-  * Ninos Ego <​me@ninosego.de>+
/var/www/virtual/i-mscp.net/wiki/htdocs/data/pages/plugins/letsencrypt.txt · Last modified: 2017/09/14 00:39 by nuxwin