Let's Encrypt configuration
From rdkwiki
Intro
The steps below configure Let's Encrypt certificates on your Apache web server. They assume that you have a CentOS 7 server running with a working Apache configuration. As a prerequisite, the ports http (tcp/80) and https (tcp/443) must be open to the Apache web server that you're going to secure.
Install dependencies
- sudo yum install epel-release mod_ssl --> install the components needed to make certbot available for installation.
- sudo yum install python-certbot-apache --> install certbot.
Setup certificate
- sudo certbot --apache -d <subdomain>.<domainname>.<tld> --> configure the certificate for your domain. (You can add multiple domains by repeating -d: -d sub.domain1.com -d sub2.domain.com)
Check the configuration of Apache and restart
- sudo apachectl configtest --> Apache configuration test
- sudo systemctl restart httpd --> restart Apache
Check renewal (optional)
- sudo certbot renew --> renew certificates manually
Schedule renewal (optional)
- sudo crontab -e --> edit crontab for root
- add: 30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log 2>&1 --> this example schedules automatic renewal each Monday night at 2.30am and writes the logging to le-renew.log. A crontab opened with crontab -e has no user field, so no user name goes in front of the command.
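To confirm that the scheduled renewal keeps working, the expiry dates of the issued certificates can be checked. The script below is an added example, not part of the original wiki page; it assumes GNU date, the openssl command, certbot's default /etc/letsencrypt/live directory and a 21-day warning threshold (certbot renews once fewer than 30 days remain, so a working weekly job never lets a certificate get that low).

```shell
#!/bin/sh
# Added example: warn when a Let's Encrypt certificate is closer to expiry
# than a working renewal job should ever allow.
# Assumptions: GNU date (as on CentOS 7), openssl on PATH, certbot's default
# live directory, and a 21-day threshold chosen for this example.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
WARN_DAYS="${WARN_DAYS:-21}"

# days_left "<notAfter string>" [now_epoch] -> whole days until expiry,
# rounded down (negative once expired). now_epoch defaults to the current time.
days_left() {
    [ -n "$1" ] || return 2                      # empty input: no date to parse
    end=$(date -u -d "$1" +%s) || return 2
    left=$(( end - ${2:-$(date -u +%s)} ))
    if [ "$left" -lt 0 ]; then left=$(( left - 86399 )); fi   # floor, not truncate
    echo $(( left / 86400 ))
}

# cert_status <days> <threshold> -> expired | renewal-overdue | ok
cert_status() {
    if [ "$1" -lt 0 ]; then echo expired
    elif [ "$1" -lt "$2" ]; then echo renewal-overdue
    else echo ok
    fi
}

# check_live_dir <dir> <threshold>: report every <dir>/<name>/cert.pem and
# return 1 if any certificate is unreadable, expired or overdue for renewal.
check_live_dir() {
    rc=0
    for pem in "$1"/*/cert.pem; do
        [ -f "$pem" ] || continue                # glob matched nothing
        not_after=$(openssl x509 -enddate -noout -in "$pem" | cut -d= -f2)
        days=$(days_left "$not_after") || { echo "$pem: unreadable"; rc=1; continue; }
        status=$(cert_status "$days" "$2")
        echo "$pem: $days days left ($status)"
        [ "$status" = ok ] || rc=1
    done
    return "$rc"
}

# Run the check only when asked to, e.g. RUN_CHECK=1 sh cert-check.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_live_dir "$LIVE_DIR" "$WARN_DAYS"
fi
```

Run it as root a day after the renewal job; a non-zero exit status means at least one certificate needs attention.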
Generate certificate only (optional)
- sudo letsencrypt certonly --standalone -d <subdomain>.<domainname>.<tld> --> this will generate the necessary certificates without installing them.