concert

by minio

minio / concert

Concert is a console based certificate generation tool for https://letsencrypt.org.

196 Stars 23 Forks Last release: over 4 years ago (0.0.3) Apache License 2.0 31 Commits 2 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

DEPRECATED - This project is deprecated and not maintained anymore. It is recommended all users use https://certbot.eff.org/ instead.

Concert Slack

Concert is a console based certificate generation tool for letsencrypt.org.

Let’s Encrypt
is a free (as in free beer), automated, and open certificate authority.

Prerequisite

  • A valid domain name purchased from any domain registrar.
  • root
    access to the server pointed by the domain name.
  • Working email address for the domain.

Download

We STRONGLY RECOMMEND installing

concert
from source, because it requires root access. Download pre-built binaries from here.

Compile from Source (RECOMMENDED)

We are assuming that you have installed golang already, run the following command to download and install

concert
from source.
go get -u github.com/minio/concert

How to generate a certificate?

To generate a certificate and key for

example.com
, run the following command on
example.com
server as
root
, under
my-certs
directory.
sudo concert gen --dir my-certs [email protected] example.com
sudo ls my-certs
certs.json public.crt private.key

NOTE: Generated certificates are valid only for a maximum of 90 days. Please visit the following link for more details - https://letsencrypt.org/2015/11/09/why-90-days.html

How to generate a certificate bundle for various sub domains?

To generate certificates for

example.com
and its sub domains ‘www’, ‘ftp’ and ‘mail’, use
sub-domains
command line option. You need to run this command as
root
on the
example.com
server.
sudo concert gen --sub-domains www,ftp,mail [email protected] example.com

Successfully generated bundled certs for sub domains ‘www’, ‘ftp’ and ‘mail’.

sudo ls certs
certs.json public.crt private.key

How to renew a certificate?

To renew a certificate for example.com under ‘certs’ directory. New certs are generated and saved in the same directory as before.

sudo concert renew [email protected]

How to automatically renew certificates?

You can run

concert
in server mode to automatically renew certificates, once in every 45 days.
sudo concert server --dir my-certs [email protected] example.com

How to automatically renew certificates for various sub domains?

To automatically renew cerificates for

example.com
and its sub domains ‘www’, ‘ftp’ and ‘mail’, use
sub-domains
command line option.
sudo concert server --sub-domains www,ftp,mail [email protected] example.com

FAQ

  • Why
    concert
    requires root access?

ACME protocol requires root access to verify authenticity of the domain ownership. During the certification generation phase,

concert
temporarily listens on port
80
or
443
to allow letsencrypt.org service connect and verify the ownership. Only
root
is allowed to bind to any port below
1024
.
  • Can I run
    concert
    as non-root?

On GNU/Linux, it is possible to run as non-root by granting bind only access to

concert
.
sudo setcap cap_net_bind_service=+ep `which concert`

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.