Let's Encrypt
Internal
Overview
Let's Encrypt provides free SSL certificates for web sites. The installation of those certificates is performed with certbot, as described in the Procedure section below.
Procedure
Default Certificate Installation Procedure
Prerequisites:
- ssh access to the machine running the httpd server
- sudo privileges
ssh into the server.
Install and/or update snapd
following these instructions:
Remove certbot-auto and any Certbot OS packages. If there are any Certbot packages installed with an OS package manager like apt, dnf, or yum, they should be removed before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager:
sudo yum remove certbot
Install certbot with snap. As root:
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Make sure that the host we're requesting certificates from is online and accessible over HTTP on port 80. Assuming that we request a certificate for pkb.feodorov.com, add the following virtual host at the end of httpd.conf
:
<VirtualHost <public-ip>:80>
ServerName pkb.feodorov.com
DocumentRoot "/var/www/test1"
</VirtualHost>
Create /var/www/test1
, make it belong to apache:apache.
Get and install certificates:
sudo certbot --apache
Changes:
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf.d/ssl.conf
Debug log: /var/log/letsencrypt/letsencrypt.log
.