Having SSL on your website is important these days, especially if you want it to rank better on Google Search, and that’s where Let’s Encrypt comes into the picture.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
Without further ado, let’s begin with the tutorial.
Step 1: Install Certbot
Install Certbot via the certbot-auto script.
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Step 2: Get Certificate & Edit Apache Config
./path/to/certbot-auto --apache
It should take you through a series of steps to set up your SSL certificate.
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
-------------------------------------------------------------------------------
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: letsencrypt.mervintan.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Select the site you want to have SSL certificate installed on.
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for letsencrypt.mervintan.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate for letsencrypt.mervintan.com to VirtualHost /etc/httpd/conf/httpd.conf

Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://letsencrypt.mervintan.com
You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=letsencrypt.mervintan.com
-------------------------------------------------------------------------------
Step 3: Configure CRON Job for Cert Renewal
The following commands renew your SSL certificate.
Dry Run
./path/to/certbot-auto renew --dry-run
Actual Command
./path/to/certbot-auto renew
Add the actual command to crontab.
sudo crontab -e
Enter :i and paste the following into the file, followed by ctrl+c and :wq to save and quit the editor.
0 5,17 * * * ./path/to/certbot-auto renew
That’s it, all done.
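To confirm that the cron renewal from Step 3 keeps working, you can check how close the deployed certificate is to expiry. The script below is an added example, not part of the original tutorial; the function names cert_status and make_test_cert and the 20-day default threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report whether a PEM certificate is close to expiry, as a
# check that the cron-driven "certbot-auto renew" job is actually renewing.

# cert_status CERT_PEM [DAYS]
# Prints a one-line status and returns:
#   0 = valid for more than DAYS days
#   1 = expires within DAYS days (renewal is overdue or failing)
#   2 = file missing or not a parseable certificate
cert_status() {
    cert=$1
    days=${2:-20}   # assumed default threshold, adjust to taste

    if [ ! -r "$cert" ]; then
        echo "MISSING $cert"
        return 2
    fi
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo "UNREADABLE $cert is not a valid PEM certificate"
        return 2
    fi
    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null 2>&1; then
        echo "OK $cert valid for more than $days days"
        return 0
    fi
    echo "EXPIRING $cert $(openssl x509 -enddate -noout -in "$cert" 2>/dev/null)"
    return 1
}

# make_test_cert PATH DAYS
# Constructed sample input: a throwaway self-signed certificate valid for
# DAYS days, so the check can be tried without touching a live certificate.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# When run directly with arguments, check the given certificate.
if [ "$#" -ge 1 ]; then
    cert_status "$@"
fi
```

Certbot normally stores the issued certificate at /etc/letsencrypt/live/<your-domain>/cert.pem, so pass that path as the first argument; a non-zero exit status can be used to trigger an alert from cron or a monitoring system.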