Let's Encrypt configuration

From rdkwiki
Revision as of 09:36, 25 November 2016 by Rob (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Intro

The steps below will configure certificates from Let's Encrypt on your Apache webserver. These steps assume that you have a CentOS 7 server running with a working Apache configuration. Also as a prerequisite you need to have the ports http (tcp/80) and https (tcp/443) open to the Apache webserver that you're going to secure.

Install dependencies

  • yum install epel-release mod_ssl --> install needed components to make the certbot available for installation.
  • yum install python-certbot-apache --> install the certbot

Setup certificate

  • certbot --apache -d <subdomain>.<domainname>.<tld> --> configure certificate for your domain. (you can add multiple domains -d sub.domain1.com -d sub2.domain.com)

Check the configuration of Apache and restart

  • apachectl configtest --> Apache configuration-test
  • systemctl restart httpd --> restart Apache

Check renewal (optional)

  • certbot renew --> renew certificates manually

schedule renewal (optional)

  • crontab -e --> edit crontab for root
  • add: 30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log.

Generate certificate only (optional)

  • letsencrypt certonly --standalone -d .<domainname>.<tld> --> this will generate the necessary certificates without installing them.