Avec https://blog.blaisot.org/letsencrypt-wildcard-part2.html

Avec :

• https://www.tecmint.com/install-varnish-cache-for-apache-on-debian-and-ubuntu/
• https://www.cyberciti.biz/faq/how-to-install-and-configure-varnish-cache-on-ubuntu-linux-16-04-lts/
• https://www.cyberciti.biz/faq/secure-memcached-server-avoid-ddos-amplification/
• https://github.com/nicolargo/varnish-nginx-wordpress

Rajouter Let's Encrypt :

• https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt

sudo certbot --authenticator standalone --installer nginx -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"

rm -f /etc/courier/pop3d.pem
nano /etc/courier/pop3d.cnf
mkpop3dcert
/etc/init.d/courier-pop-ssl restart

Édit https://book.knah-tsaeb.org/?IUl_lw
Si vous utilisez Let's Encrypt et Courier il y a une subtilité :

cd /etc/letsencrypt/live/domain.tld/
cat privkey.pem cert.pem > imapd.pem
openssl gendh 1024 >>imapd.pem
cp imapd.pem /etc/courier/
service courier-imap restart
service courier-imap-ssl restart
service courier-authdaemon restart

This is a client for signing certificates with an ACME-server (currently only provided by Let's Encrypt) implemented as a relatively simple bash-script.

It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed.

Avec :

• https://github.com/Lone-Coder/letsencrypt-win-simple (CLI)
• https://github.com/webprofusion/Certify (CLI)
• http://certify.webprofusion.com/ (GUI)

Add : https://github.com/mattenz/Windows-LetsEncrypt-Certificate-Renewal/blob/master/cert_renewal.ps1

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth

Serveur d'auth pour la beta, rien à faire à la main, tout est pris en charge par leur client.
Juste penser à renew, vu la durée de vie de 2/3 mois pour l'instant.