Difference between revisions of "Let's Encrypt configuration"

 
 
(One intermediate revision by the same user not shown)
Line 4: Line 4:
  
 
== Install dependencies ==
 
== Install dependencies ==
* '''sudo yum install epel-release mod_ssl''' --> install needed components to make the certbot available for installation.
+
* '''yum install epel-release mod_ssl''' --> install needed components to make the certbot available for installation.
* '''sudo yum install python-certbot-apache''' --> install the certbot
+
* '''yum install python-certbot-apache''' --> install the certbot
  
 
== Setup certificate ==
 
== Setup certificate ==
* '''sudo certbot --apache -d <subdomain>.<domainname>.<tld>''' --> configure certificate for your domain. (you can add multiple domains '''-d sub.domain1.com -d sub2.domain.com''')
+
* '''certbot --apache -d <subdomain>.<domainname>.<tld>''' --> configure certificate for your domain. (you can add multiple domains '''-d sub.domain1.com -d sub2.domain.com''')
  
 
== Check the configuration of Apache and restart ==
 
== Check the configuration of Apache and restart ==
* '''sudo apachctl configtest''' --> Apache configuration-test
+
* '''apachectl configtest''' --> Apache configuration-test
* '''sudo systemctl restart httpd''' --> restart Apache
+
* '''systemctl restart httpd''' --> restart Apache
  
 
== Check renewal (optional) ==
 
== Check renewal (optional) ==
* '''sudo certbot renew''' --> renew certificates manually
+
* '''certbot renew''' --> renew certificates manually
  
 
== schedule renewal (optional) ==
 
== schedule renewal (optional) ==
* '''sudo crontab -e''' --> edit crontab for root
+
* '''crontab -e''' --> edit crontab for root
 
* add: '''30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log''' --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log.
 
* add: '''30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log''' --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log.
  
 
== Generate certificate only (optional) ==
 
== Generate certificate only (optional) ==
* '''sudo letsencrypt certonly --standalone -d <sub>.<domainname>.<tld>'''  --> this will generate the necessary certificates without installing them.
+
* '''letsencrypt certonly --standalone -d <sub>.<domainname>.<tld>'''  --> this will generate the necessary certificates without installing them.
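Review bot: With sudo removed from every command here (yum install, certbot, apachectl, systemctl, crontab -e, letsencrypt), the page no longer says that these steps need root; add a sentence to the intro stating that all commands are run from a root shell. Separately, in the unchanged line "30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log", the "root" user column is only valid in /etc/crontab or /etc/cron.d files; in a crontab opened with crontab -e, cron treats "root" as the command to execute, so drop that field. The same line redirects stdout only; append "2>&1" so renewal errors also end up in le-renew.log.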

Latest revision as of 09:36, 25 November 2016

Intro

The steps below configure certificates from Let's Encrypt on your Apache webserver. They assume that you have a CentOS 7 server running with a working Apache configuration. As a prerequisite, the ports http (tcp/80) and https (tcp/443) must be open to the Apache webserver that you're going to secure.

Install dependencies

  • yum install epel-release mod_ssl --> install needed components to make the certbot available for installation.
  • yum install python-certbot-apache --> install the certbot

Setup certificate

  • certbot --apache -d <subdomain>.<domainname>.<tld> --> configure certificate for your domain. (you can add multiple domains -d sub.domain1.com -d sub2.domain.com)

Check the configuration of Apache and restart

  • apachectl configtest --> Apache configuration-test
  • systemctl restart httpd --> restart Apache

Check renewal (optional)

  • certbot renew --> renew certificates manually

Schedule renewal (optional)

  • crontab -e --> edit crontab for root
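  • add: 30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log. (A crontab edited with crontab -e has no user column; a "root" field after the time fields is only used in /etc/crontab and /etc/cron.d files.)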
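
The renewal, configuration-test and restart steps above can be combined into one script for the cron job, so that Apache is only restarted when its configuration still passes the test and errors are logged as well. This is an added example, not part of the original wiki page; the script name le-renew.sh, the --run switch and the CERTBOT/APACHECTL/SYSTEMCTL/LE_LOG override variables are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: wrapper for the weekly renewal cron job.
# Assumed names (not from the page): this script's name, the --run switch,
# and the override variables below, which exist so the logic can be tested.
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
APACHECTL="${APACHECTL:-apachectl}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
LOG="${LE_LOG:-/var/log/le-renew.log}"

# Append a timestamped line to the log file.
log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; }

# Return codes: 0 = renewed and restarted, 1 = certbot failed,
# 2 = Apache configuration test failed (httpd is left running untouched),
# 3 = restart failed.
renew_and_restart() {
    log "starting certbot renew"
    # 2>&1 sends certbot's error output to the log too, not only stdout.
    if ! "$CERTBOT" renew >> "$LOG" 2>&1; then
        log "ERROR: certbot renew failed"
        return 1
    fi
    # Never restart on a broken configuration: a failed restart takes the site down.
    if ! "$APACHECTL" configtest >> "$LOG" 2>&1; then
        log "ERROR: apachectl configtest failed, httpd not restarted"
        return 2
    fi
    if ! "$SYSTEMCTL" restart httpd >> "$LOG" 2>&1; then
        log "ERROR: systemctl restart httpd failed"
        return 3
    fi
    log "renewal run finished, httpd restarted"
    return 0
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_and_restart
    exit $?
fi
```

With the script saved at a path of your choice, the root crontab entry calls it with --run in place of /usr/bin/certbot renew; the exit code lets cron mail or monitoring pick up failed runs.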

Generate certificate only (optional)

  • letsencrypt certonly --standalone -d <sub>.<domainname>.<tld> --> this will generate the necessary certificates without installing them.