Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.
...
Install required compontents for Let's Encrypt
Code Block |
---|
|
# Step 1: Installing dependent modules
sudo yum install -y epel-release mod_ssl
# Step 2: Downloading the Let’s Encrypt client
sudo yum install -y python-certbot-apache |
Create SSL certificate
Code Block |
---|
|
sudo certbot --apache -d kurapa.com |
...
Code Block |
---|
|
$ sudo certbot --apache -d kurapa.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for kurapa.com
Performing the following challenges:
http-01 challenge for kurapa.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/conf.d/vhosts.conf
Redirecting vhost in /etc/httpd/conf.d/vhosts.conf to ssl vhost in /etc/httpd/conf.d/vhosts.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://kurapa.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/kurapa.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kurapa.com/privkey.pem
Your certificate will expire on 2022-01-19. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
$ |
How to update SSL?
Code Block |
---|
sudo certbot certonly -n --apache -d kurapa.com |
...