[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

Get and manage your SSL certificate with Let's Encrypt

2019.01.23

table of contents

1 What is Let's Encrypt?
2 Installing the certbot client
3 Obtaining a certificate
4 Verify certificate
5 Certificate renewal
6 summary

Hello! This is Shimeji from the System Solutions Department.
Do you know about his SSL certificate?
This is an electronic certificate for encrypting communication data, and these days it is installed by default on websites.

However, this certificate has an expiration date, and once it expires, you must renew the certificate.
For those who find it troublesome to carry out such update work, we recommend "Let's Encrypt" which can automate the update work.

What is Let's Encrypt?

This service is provided by the American non-profit organization ISRG.
Surprisingly, this service is completely free to issue certificates! (excluding data communication charges.)
If you don't use it, you're missing out.

Although it is a bit of a hassle, it is well worth using this service.

Then the steps are as follows.

Installing the certbot client

install epel

yum install epel-release

Install certbot

yum install --enablerepo=epel certbot python-certbot-apache

Obtaining a certificate

Please execute the command below to obtain it.

certbot certonly --webroot \ -w [Document root] \ -d [Domain name] \ -m [Email address] \ --agree-tos -n

- Please change [Document root], [Domain name], and [Email address] as appropriate to suit your environment.
- A file will be automatically created under the document root and authentication will be performed using that file, so please leave port 80 open.

Verify certificate

A certificate will be instantly created in the following directory with one command.
==============================================
#Server certificate
/ etc/letsencrypt/live/[domain name]/cert.pem
#private key
/etc/letsencrypt/live/[domain name]/privkey.pem
#intermediate certificate
/etc/letsencrypt/live/[domain name]/chain. pem
==============================================
Just the certificate Please note that the renewal deadline is only 3 months.

Certificate renewal

The certificate update is completed with the command below.

certbot renew --post-hook "systemctl reload httpd"

If you register this in cron, the certificate will be automatically updated without you having to do anything else.

crontab -e [code] [code] 00 06 01 * * root /bin/certbot renew --post-hook "systemctl reload httpd"

summary

This time I wrote about how to obtain a free SSL certificate, but Beyond also handles the application and installation of other SSL certificates.
For SSL installation settings, please contact Beyond
if you need to convert your site to SSL.

If you found this article helpful , please give it a like!

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author

Shimeji mushrooms

CERTIFICATE:
- TOEIC 835
- LPIC304
- AWS Solution Architect Associate
- AWS Solution Architect Professional
- GCP Professional Cloud Architect
- IPA SC (not registered)

Kagome, Kagome,
the old man behind me, that's it.

It's my uncle. (2018)

[Internet Week 2018 What is valuable operation?] I attended the seminar How to install an old version of MySQL