letsencrypt

From WebHostingNeeds.com


cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
chmod a+x /usr/local/sbin/certbot-auto

Generate SSL

certbot-auto --apache -d manage.hostonnet.com

It will ask for an email address and for you to accept the license agreement. Once done, you get the following message.


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/manage.hostonnet.com/fullchain.pem. Your cert
   will expire on 2016-12-29. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again with
   the "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot-auto renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to [email protected]
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[email protected]:~# 

Now edit /etc/apache2/sites-available/000-default-le-ssl.conf as required.

[email protected]:~# cat /etc/apache2/sites-available/000-default-le-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName manage.hostonnet.com
        ServerAdmin [email protected]
        DocumentRoot  /home/manage.hostonnet.com/public_html/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        SetEnvIf Request_URI "^/honadmin/" HON_ADMIN
        CustomLog ${APACHE_LOG_DIR}/admin.log combined env=HON_ADMIN
        CustomLog ${APACHE_LOG_DIR}/manage.log combined env=!HON_ADMIN
        SSLCertificateFile /etc/letsencrypt/live/manage.hostonnet.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/manage.hostonnet.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/manage.hostonnet.com/chain.pem
        <Directory "/home/manage.hostonnet.com/public_html">
            Options All
            AllowOverride All
            Require all granted
            Order allow,deny
            allow from all
        </Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
[email protected]:~# 


Auto Renew

To auto renew SSL, set a cron job as follows:

30 2 * * 1 /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log


Verify service cron is running.

On Ubuntu/Debian

service cron status

On RHEL/CentOS

service crond status
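
The cron job above only appends to a log, so a renewal that keeps failing can go unnoticed until the certificate expires. The script below is an added example, not part of the original page or of Certbot: it checks the cert.pem and privkey.pem files in the live directory shown earlier. The function names and the 21-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: check that the cron renewal is
# keeping the certificate fresh. Return codes: 0 ok, 1 problem, 2 cannot check.

# cert_ok CERT [MIN_DAYS]: 0 if CERT stays valid for at least MIN_DAYS more days.
cert_ok() {
    cert=$1
    min_days=${2:-21}   # assumed threshold; keep it longer than the cron interval
    # Parse first so a missing or non-certificate file is not reported as "expiring".
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 || return 1
    return 0
}

# key_private KEY: 0 if neither group nor others have any access to KEY.
key_private() {
    [ -e "$1" ] || return 2
    # ls -L follows the live/ symlink; characters 5-10 are the group/other bits.
    case $(ls -lLd "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_live_dir DIR [MIN_DAYS]: check DIR/cert.pem and DIR/privkey.pem.
audit_live_dir() {
    dir=$1
    days=${2:-21}
    status=0
    rc=0
    cert_ok "$dir/cert.pem" "$days" || rc=$?
    case $rc in
        1) echo "WARN: $dir/cert.pem expires within $days days"; status=1 ;;
        2) echo "ERROR: cannot parse $dir/cert.pem"; status=2 ;;
    esac
    rc=0
    key_private "$dir/privkey.pem" || rc=$?
    case $rc in
        1) echo "WARN: $dir/privkey.pem is accessible to group or others"
           if [ "$status" -eq 0 ]; then status=1; fi ;;
        2) echo "ERROR: $dir/privkey.pem is missing"; status=2 ;;
    esac
    return "$status"
}

# Audit the page's domain only when the script is called with "run".
if [ "${1:-}" = "run" ]; then
    audit_live_dir /etc/letsencrypt/live/manage.hostonnet.com
fi
```

Run it as root with the argument "run", for example from a second cron entry, and alert on any non-zero exit status.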




