Skip to content
This repository was archived by the owner on Nov 29, 2017. It is now read-only.

minio/concert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
certs.go
certs.go
 
 
gen.go
gen.go
 
 
main.go
main.go
 
 
options.go
options.go
 
 
renew.go
renew.go
 
 
server.go
server.go
 
 
user.go
user.go
 
 

Repository files navigation

DEPRECATED - This project is deprecated and not maintained anymore. It is recommended all users use https://certbot.eff.org/ instead.

Concert Slack

Concert is a console based certificate generation tool for letsencrypt.org. Let’s Encrypt is a free (as in free beer), automated, and open certificate authority.

Prerequisite

  • A valid domain name purchased from any domain registrar.
  • root access to the server pointed by the domain name.
  • Working email address for the domain.

Download

We STRONGLY RECOMMEND installing concert from source, because it requires root access. Download pre-built binaries from here.

Compile from Source (RECOMMENDED)

We are assuming that you have installed golang already, run the following command to download and install concert from source.

go get -u github.com/minio/concert

How to generate a certificate?

To generate a certificate and key for example.com, run the following command on example.com server as root, under my-certs directory.

sudo concert gen --dir my-certs admin@example.com example.com
sudo ls my-certs
certs.json public.crt private.key

NOTE: Generated certificates are valid only for a maximum of 90 days. Please visit the following link for more details - https://letsencrypt.org/2015/11/09/why-90-days.html

How to generate a certificate bundle for various sub domains?

To generate certificates for example.com and its sub domains ‘www’, ‘ftp’ and ‘mail’, use sub-domains command line option. You need to run this command as root on the example.com server.

sudo concert gen --sub-domains www,ftp,mail admin@example.com example.com

Successfully generated bundled certs for sub domains ‘www’, ‘ftp’ and ‘mail’.

sudo ls certs
certs.json public.crt private.key

How to renew a certificate?

To renew a certificate for example.com under ‘certs’ directory. New certs are generated and saved in the same directory as before.

sudo concert renew admin@example.com

How to automatically renew certificates?

You can run concert in server mode to automatically renew certificates, once in every 45 days.

sudo concert server --dir my-certs admin@example.com example.com

How to automatically renew certificates for various sub domains?

To automatically renew cerificates for example.com and its sub domains ‘www’, ‘ftp’ and ‘mail’, use sub-domains command line option.

sudo concert server --sub-domains www,ftp,mail admin@example.com example.com

FAQ

  • Why concert requires root access?

ACME protocol requires root access to verify authenticity of the domain ownership. During the certification generation phase, concert temporarily listens on port 80 or 443 to allow letsencrypt.org service connect and verify the ownership. Only root is allowed to bind to any port below 1024.

  • Can I run concert as non-root?

On GNU/Linux, it is possible to run as non-root by granting bind only access to concert.

sudo setcap cap_net_bind_service=+ep `which concert`

About

Concert is a console based certificate generation tool for https://letsencrypt.org.

Topics

letsencrypt ssl-certificates certificate-generation

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

194 stars

Watchers

10 watching

Forks

21 forks
Report repository

Releases 2

Support for sub-domain release Latest
Apr 1, 2016
+ 1 release

Packages

No packages published

Contributors 6

Languages