Come on:
How certificates are generated
Let’s Encrypt has a Certification Authority (CA) that signs the certificates generated by the installed Agents on the machines being validated. This CA is trusted by all other CAs and this is what ensures the validity of the certificate.
Before issuing the certificate, Let’s Encrypt validates, through a number of challenges, whether control of the host and also the host keys actually belong to the person or service ordering the certificate; I will not go into the challenges here, to keep the answer succinct.
When the keys are validated, LE sends a request to the CA and asks for certificate validation using the RSA keys that have been validated, and that certificate is stored on the machine.
Why it is necessary to insert an e-mail
The email is only necessary for LE to send you a notification when the certificates are expiring. Keep in mind that, as the certificates are free, their validity is only 3 months, and you cannot validate them beforehand, only when the certificate is within a certain number of days of expiring.
So when your certificates are about to expire, they send you a warning email.
Chain and Fullchain
The file chain.pem is the chain of trust of certificates leading up to your certificate.
The fullchain.pem is only the concatenation of your certificate with the file chain.pem.
I hope it was enlightening! If you want to know more, LE has a page that describes in detail how the system works: https://letsencrypt.org/how-it-works/
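The relationship between chain.pem and fullchain.pem described above can be checked mechanically. The following is an added example, not part of the original answer and not Let's Encrypt code: it compares the decoded certificate blocks so that line-ending differences do not matter. The file name cert.pem for the certificate itself, the function names and the placeholder PEM bodies are assumptions made for the illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

def pem_blocks(text):
    """Return the decoded body of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(m.split())) for m in PEM_BLOCK.findall(text)]

def check_fullchain(cert_pem, chain_pem, fullchain_pem):
    """Return a list of problems; an empty list means fullchain == cert + chain."""
    cert, chain, full = map(pem_blocks, (cert_pem, chain_pem, fullchain_pem))
    problems = []
    if len(cert) != 1:
        problems.append(f"cert.pem holds {len(cert)} certificates, expected 1")
    if not chain:
        problems.append("chain.pem holds no certificates")
    if not full:
        problems.append("fullchain.pem holds no certificates")
    elif cert and full[0] != cert[0]:
        problems.append("fullchain.pem does not start with the certificate from cert.pem")
    if full[1:] != chain:
        problems.append("the rest of fullchain.pem differs from chain.pem")
    return problems

def fake_pem(label):
    """Constructed placeholder block: PEM framing around dummy bytes, not a real certificate."""
    body = base64.encodebytes(f"constructed placeholder for {label}".encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample input standing in for the three files (assumed names).
CERT = fake_pem("leaf")
CHAIN = fake_pem("intermediate")
FULLCHAIN = CERT + CHAIN

if __name__ == "__main__":
    print("correct order:", check_fullchain(CERT, CHAIN, FULLCHAIN) or "ok")
    print("swapped order:", check_fullchain(CERT, CHAIN, CHAIN + CERT))
    print("leaf only:    ", check_fullchain(CERT, CHAIN, CERT))
```

To run it against real files, read each file's text and pass the three strings to check_fullchain.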
Wallace, you managed to install it, but would like to understand more about the installation process?
– William Pereira
@Williampereira I would like to understand more about what is being done between the lines. I know, for example, that cert-auto does all the automated process for Apache, but where does it get the certificates from? Why do I have to put an email? What is the difference between the chain.pem and the fullchain.pem?
– Wallace Maxters
I understand. I will study its installation process (I already use the service) to give a good answer on the subject.
– William Pereira
Wallace, I’ve improved the question a little bit to focus on your goal which is to know how the installation process works and I’ve put the questions you’ve commented on here, if you don’t mind.
– William Pereira
Wallace, I made a step-by-step guide a while ago for setting up Apache with the certificate. I can’t transcribe it into an answer yet, but I hope it will help. http://www.andremesquita.com/tenha-seu-site-wordpress-com-ssl-gratuitamente/
– Andre Mesquita