Difference between revisions of "Let's Encrypt configuration"
From rdkwiki
m |
|||
Line 11: | Line 11: | ||
== Check the configuration of Apache and restart == | == Check the configuration of Apache and restart == | ||
− | * ''' | + | * '''apachectl configtest''' --> Apache configuration-test |
* '''systemctl restart httpd''' --> restart Apache | * '''systemctl restart httpd''' --> restart Apache | ||
Latest revision as of 09:36, 25 November 2016
Contents
Intro
The steps below will configure certificates from Let's Encrypt on your Apache webserver. These steps assume that you have a CentOS 7 server running with a working Apache configuration. Also as a prerequisite you need to have the ports http (tcp/80) and https (tcp/443) open to the Apache webserver that you're going to secure.
Install dependencies
- yum install epel-release mod_ssl --> install needed components to make the certbot available for installation.
- yum install python-certbot-apache --> install the certbot
Setup certificate
- certbot --apache -d <subdomain>.<domainname>.<tld> --> configure certificate for your domain. (you can add multiple domains -d sub.domain1.com -d sub2.domain.com)
Check the configuration of Apache and restart
- apachectl configtest --> Apache configuration-test
- systemctl restart httpd --> restart Apache
Check renewal (optional)
- certbot renew --> renew certificates manually
schedule renewal (optional)
- crontab -e --> edit crontab for root
- add: 30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log.
Generate certificate only (optional)
- letsencrypt certonly --standalone -d .<domainname>.<tld> --> this will generate the necessary certificates without installing them.