Differences

This shows you the differences between two versions of the page.

technology:linux:certbot_on_centos_7 [2019/08/22 16:59]
travis created
technology:linux:certbot_on_centos_7 [2019/08/22 17:06] (current)
travis
Line 1: Line 1:
 +====== Certbot on CentOS 7 ======
 +
 Installing Certbot is an automated way to issue and renew Let's Encrypt certificates from your Linux box. This is done on CentOS 7 with NGINX. Installing Certbot is an automated way to issue and renew Let's Encrypt certificates from your Linux box. This is done on CentOS 7 with NGINX.
  
 +Install EPEL if it is not already installed.
 +
 +<konsole root>
 +# yum -y install epel-release
 +</​konsole>​
 +
 +Install NGINX if it is not already installed.
 +
 +<konsole root>
 +# yum -y install nginx
 +</​konsole>​
 +
 +Install Certbot
 +
 +<konsole root>
 +# yum -y install certbot python2-certbot-nginx
 +</​konsole>​
 +
 +Now you can simply run:
 +
 +<konsole root>
 +# certbot --nginx
 +</​konsole>​
 +
 +And then walk through the configuration:​
 +
 +<konsole root>
 +[root@ext-proxy01 ~]# certbot --nginx
 +Saving debug log to /​var/​log/​letsencrypt/​letsencrypt.log
 +Plugins selected: Authenticator nginx, Installer nginx
 +Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
 +
 +Which names would you like to activate HTTPS for?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +1: bugzilla.X.net
 +2: trac.X.net
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Select the appropriate numbers separated by commas and/or spaces, or leave input
 +blank to select all options shown (Enter '​c'​ to cancel): 2
 +Obtaining a new certificate
 +Performing the following challenges:
 +http-01 challenge for trac.X.net
 +Waiting for verification...
 +Cleaning up challenges
 +Deploying Certificate to VirtualHost /​etc/​nginx/​conf.d/​proxy.conf
 +
 +Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +1: No redirect - Make no further changes to the webserver configuration.
 +2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 +new sites, or if you're confident your site works on HTTPS. You can undo this
 +change by editing your web server'​s configuration.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Select the appropriate number [1-2] then [enter] (press '​c'​ to cancel): 2
 +Redirecting all traffic on port 80 to ssl in /​etc/​nginx/​conf.d/​proxy.conf
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations! You have successfully enabled https://​trac.X.net
 +
 +You should test your configuration at:
 +https://​www.ssllabs.com/​ssltest/​analyze.html?​d=trac.X.net
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +IMPORTANT NOTES:
 + - Congratulations! Your certificate and chain have been saved at:
 +   /​etc/​letsencrypt/​live/​trac.X.net/​fullchain.pem
 +   Your key file has been saved at:
 +   /​etc/​letsencrypt/​live/​trac.X.net/​privkey.pem
 +   Your cert will expire on 2019-11-20. To obtain a new or tweaked
 +   ​version of this certificate in the future, simply run certbot again
 +   with the "​certonly"​ option. To non-interactively renew *all* of
 +   your certificates,​ run "​certbot renew"
 + - If you like Certbot, please consider supporting our work by:
 +
 +   ​Donating to ISRG / Let's Encrypt: ​  ​https://​letsencrypt.org/​donate
 +   ​Donating to EFF:                    https://​eff.org/​donate-le
 +
 +
 +</​konsole>​
 +
 +For automated cert renewal, add the following to the crontab:
 +
 +''​echo "0 0,12 * * * root python -c '​import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /​etc/​crontab > /​dev/​null''​
  
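Review bot: The crontab one-liner on the last added line pipes the entry through `tee -a /etc/crontab`, so running the step a second time appends a duplicate renewal job, and it uses `sudo` although every other command on the page is shown at a root prompt. Consider writing the entry to a dedicated file under /etc/cron.d/ (overwriting rather than appending), dropping `sudo`, and adding `--quiet` to `certbot renew` so the job only produces output on errors. The page also installs NGINX without starting or enabling it and never mentions that port 80 must be reachable from the internet, which the http-01 challenge in the transcript depends on; a sentence before the `certbot --nginx` step would cover that, and `certbot renew --dry-run` is worth suggesting as a check once the cron entry is in place.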
technology/linux/certbot_on_centos_7.txt · Last modified: 2019/08/22 17:06 by travis
CC Attribution-Noncommercial-Share Alike 4.0 International