Let's Encrypt: Difference between revisions

From NovaOrdis Knowledge Base
Line 29: Line 29:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
</syntaxhighlight>
</syntaxhighlight>
Make sure that the host we're requesting certificates from is online and accessible over HTTP on port 80. Assuming that we request a certificate for pkb.feodorov.com, add the following virtual host at the end of <code>httpd.conf</code>:
<syntaxhighlight lang='xml'>
<VirtualHost <public-ip>:80>
    ServerName pkb.feodorov.com
    DocumentRoot "/var/www/test1"
</VirtualHost>
</syntaxhighlight>
Create <code>/var/www/test1</code>, make it belong to apache:apache.


Get and install certificates:
Get and install certificates:
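Review bot: the added step "Create /var/www/test1, make it belong to apache:apache" gives the httpd account write access to the document root served by the new port-80 virtual host, and the added text does not say why that is needed. Suggest leaving the directory owned by root and readable by apache, or stating the reason for the ownership. The added block is also tagged lang='xml' although its content is Apache configuration, and <public-ip> in the VirtualHost line is a placeholder that the text should tell the reader to replace.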

Revision as of 01:15, 18 November 2021

Internal

Overview

Let's Encrypt provides free SSL certificates for web sites. The installation of those certificates is performed with certbot, as described in the Procedure section below.

Procedure

Default Certificate Installation Procedure

Prerequisites:

  • ssh access to the machine running the httpd server
  • sudo privileges

ssh into the server.

Install and/or update snapd following these instructions:

snapd Installation

Remove certbot-auto and any Certbot OS packages. If there are any Certbot packages installed with an OS package manager like apt, dnf, or yum, they should be removed before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager:

sudo yum remove certbot

Install certbot with snap. As root:

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Make sure that the host we're requesting certificates from is online and accessible over HTTP on port 80. Assuming that we request a certificate for pkb.feodorov.com, add the following virtual host at the end of httpd.conf:

<VirtualHost <public-ip>:80>
    ServerName pkb.feodorov.com
    DocumentRoot "/var/www/test1"
</VirtualHost>

Create /var/www/test1 and make it owned by apache:apache.

Get and install certificates:

sudo certbot --apache

Changes:

  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/conf.d/ssl.conf

Debug log: /var/log/letsencrypt/letsencrypt.log.
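A pre-flight check for the steps above, to run before sudo certbot --apache. This is an added example, not part of the original page; the function names vhost80_docroot, links_to_snap and preflight are hypothetical, and it assumes each directive sits on its own line as in the virtual host shown above.

```shell
# Added example: verify the prerequisites of the procedure before running certbot.

# Print the DocumentRoot of the first <VirtualHost ...:80> block in config
# file $1 whose ServerName equals $2; return 1 if there is no such block.
vhost80_docroot() {
    awk -v want="$2" '
        tolower($1) == "<virtualhost" {
            in80 = ($0 ~ /:80[ \t>]/); name = ""; root = ""; next
        }
        in80 && tolower($1) == "servername"   { name = $2 }
        in80 && tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
        tolower($1) == "</virtualhost>" {
            if (in80 && tolower(name) == tolower(want)) { print root; found = 1; exit }
            in80 = 0
        }
        END { exit !found }
    ' "$1"
}

# Succeed only if $1 is the symlink created by the "ln -s" step, so that
# running certbot uses the snap and not a leftover OS package binary.
links_to_snap() {
    [ "$(readlink "$1")" = /snap/bin/certbot ]
}

# usage: preflight <httpd.conf> <domain> [certbot-path]
preflight() {
    pf_bin=${3:-/usr/bin/certbot}
    links_to_snap "$pf_bin" || {
        echo "$pf_bin is not a symlink to /snap/bin/certbot" >&2; return 1; }
    pf_root=$(vhost80_docroot "$1" "$2") || {
        echo "no port-80 virtual host with ServerName $2 in $1" >&2; return 1; }
    [ -d "$pf_root" ] || {
        echo "DocumentRoot $pf_root does not exist" >&2; return 1; }
    echo "ok: $2 -> $pf_root"
}

# Example call on the server:
#   preflight /etc/httpd/conf/httpd.conf pkb.feodorov.com
```

The check only reads local configuration; it does not confirm that port 80 is reachable from outside the host.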

Wildcard Certificate Installation Procedure