Difference between revisions of "Let's Encrypt configuration"
From rdkwiki
Line 4: | Line 4: | ||
== Install dependencies == | == Install dependencies == | ||
− | * ''' | + | * '''yum install epel-release mod_ssl''' --> install needed components to make the certbot available for installation. |
− | * ''' | + | * '''yum install python-certbot-apache''' --> install the certbot |
== Setup certificate == | == Setup certificate == | ||
− | * ''' | + | * '''certbot --apache -d <subdomain>.<domainname>.<tld>''' --> configure certificate for your domain. (you can add multiple domains '''-d sub.domain1.com -d sub2.domain.com''') |
== Check the configuration of Apache and restart == | == Check the configuration of Apache and restart == | ||
− | * ''' | + | * '''apachctl configtest''' --> Apache configuration-test |
− | * ''' | + | * '''systemctl restart httpd''' --> restart Apache |
== Check renewal (optional) == | == Check renewal (optional) == | ||
− | * ''' | + | * '''certbot renew''' --> renew certificates manually |
== schedule renewal (optional) == | == schedule renewal (optional) == | ||
− | * ''' | + | * '''crontab -e''' --> edit crontab for root |
* add: '''30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log''' --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log. | * add: '''30 2 * * 1 root /usr/bin/certbot renew >> /var/log/le-renew.log''' --> this example will schedule automatic renewal each Monday night at 2.30am and write logging to le-renew.log. | ||
== Generate certificate only (optional) == | == Generate certificate only (optional) == | ||
− | * ''' | + | * '''letsencrypt certonly --standalone -d <sub>.<domainname>.<tld>''' --> this will generate the necessary certificates without installing them. |
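Review bot: the added line under "Check the configuration of Apache and restart" spells the command apachctl; the binary is apachectl, so the step fails as written. In the unchanged "add:" line of the schedule section, the root field is only valid in /etc/crontab or /etc/cron.d files; in a crontab opened with crontab -e, cron would treat "root" as the command to run, so drop it, and consider appending 2>&1 so certbot's error output also reaches le-renew.log. In the last added line, the <sub> placeholder is parsed as an HTML subscript tag and disappears from the rendered page (it shows "-d .<domainname>.<tld>"); wrap the command in nowiki or use <subdomain> as in the "Setup certificate" line.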
Revision as of 08:11, 31 October 2016
Intro
The steps below configure certificates from Let's Encrypt on your Apache web server. They assume that you have a CentOS 7 server running with a working Apache configuration. As a prerequisite, the ports http (tcp/80) and https (tcp/443) must be open to the Apache web server that you are going to secure.
Install dependencies
- yum install epel-release mod_ssl --> install needed components to make the certbot available for installation.
- yum install python-certbot-apache --> install the certbot
Setup certificate
- certbot --apache -d <subdomain>.<domainname>.<tld> --> configure certificate for your domain. (you can add multiple domains -d sub.domain1.com -d sub2.domain.com)
Check the configuration of Apache and restart
- apachectl configtest --> Apache configuration-test
- systemctl restart httpd --> restart Apache
Check renewal (optional)
- certbot renew --> renew certificates manually
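Schedule renewal (optional)
- crontab -e --> edit crontab for root
- add: 30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log 2>&1 --> this example will schedule automatic renewal each Monday night at 2.30am and write logging (including error output) to le-renew.log. A crontab edited with crontab -e has no user field; a user name such as root before the command belongs only in /etc/crontab or files under /etc/cron.d.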
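The renewal, configuration test and restart steps above combined into one wrapper for cron, as an added example that is not part of the original wiki page: each step runs only if the previous one succeeded, and both stdout and stderr go to the log. The script path /usr/local/sbin/le-renew.sh, the "run" argument, the default binary paths and the overridable CERTBOT, APACHECTL, SYSTEMCTL and LE_LOG variables are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical script: /usr/local/sbin/le-renew.sh).
# Root crontab entry (crontab -e), same schedule as on this page:
#   30 2 * * 1 /usr/local/sbin/le-renew.sh run

# Assumed default paths; override through the environment if they differ.
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
APACHECTL="${APACHECTL:-/usr/sbin/apachectl}"
SYSTEMCTL="${SYSTEMCTL:-/usr/bin/systemctl}"
LOG="${LE_LOG:-/var/log/le-renew.log}"

# Append one timestamped line to the log.
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"
}

# Renew, then test the Apache configuration, then restart httpd.
# Return codes: 0 ok, 1 renewal failed, 2 configtest failed, 3 restart failed.
le_renew() {
    log "renewal run started"
    if ! "$CERTBOT" renew >> "$LOG" 2>&1; then
        log "ERROR: certbot renew failed"
        return 1
    fi
    # Never restart on a broken configuration: httpd would not come back up.
    if ! "$APACHECTL" configtest >> "$LOG" 2>&1; then
        log "ERROR: configtest failed, Apache not restarted"
        return 2
    fi
    if ! "$SYSTEMCTL" restart httpd >> "$LOG" 2>&1; then
        log "ERROR: httpd restart failed"
        return 3
    fi
    log "renewal run finished"
    return 0
}

# Only act when called with the "run" argument, so sourcing the file is harmless.
if [ "${1:-}" = "run" ]; then
    le_renew
    exit $?
fi
```

A non-zero exit code from cron's point of view makes failed runs visible in the cron mail or in monitoring that watches job status.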
Generate certificate only (optional)
- letsencrypt certonly --standalone -d <sub>.<domainname>.<tld> --> this will generate the necessary certificates without installing them.