Get and manage your SSL certificate with Let's Encrypt

2019.01.23

1 vote, average: 1.00 / 11
1,670
X facebook Hatena Bookmark pocket
Apache Linux command operation and maintenance

Hello! This is Shimeji from the System Solutions Department.
Do you know what an SSL certificate is?
It is a digital certificate used to encrypt communication data, and these days it is common for websites to have one installed by default.

However, this certificate has an expiration date, and when it expires, you must renew the certificate.
If you find this renewal process troublesome, we recommend "Let's Encrypt," which can automate the renewal process.

What is Let's Encrypt?

This service is provided by the American non-profit organization ISRG.
Amazingly, issuing certificates for this service is completely free! (Data communication fees excluded.)
You'd be missing out if you didn't use it.

Although it's a bit of a hassle, it's well worth using this service

So, here are the steps:

Installing the certbot client

Install epel
yum install epel-release
Install certbot
yum install --enablerepo=epel certbot python-certbot-apache

Obtaining a certificate

To obtain it, run the following command:

certbot certonly --webroot \ -w [Document root] \ -d [Domain name] \ -m [Email address] \ --agree-tos -n

・Please change [Document Root], [Domain Name], and [Email Address] as appropriate to your environment.
・A file will be automatically created under the document root, and authentication will be performed using that file, so please leave port 80 open.

Certificate Verification

With just one command, a certificate will be instantly created in the following directory.
===============================================
#Server certificate
/etc/letsencrypt/live/【domain name】/cert.pem
#Private key
/etc/letsencrypt/live/【domain name】/privkey.pem
#Intermediate certificate
/etc/letsencrypt/live/【domain name】/chain.pem
===================================================
However, please note that the certificate renewal period is only 3 months.

Certificate renewal

The certificate renewal will be completed with the following command

certbot renew --post-hook "systemctl reload httpd"

If you register this in cron, the certificate will be updated automatically without you having to do anything else

crontab -e [code] [code] 00 06 01 * * root /bin/certbot renew --post-hook "systemctl reload httpd"

summary

This time, I wrote about how to obtain a free SSL certificate, but Beyond also handles the application and installation of other SSL certificates.
If
you need to SSL-enable your website, please contact Beyond.

If you found this article helpful , please give it a like!
1
Loading...
1 vote, average: 1.00 / 11
1,670
X facebook Hatena Bookmark pocket

The person who wrote this article

About the author

Shimeji mushrooms

CERTIFICATE:
- TOEIC 835
- LPIC304
- AWS Solution Architect Associate
- AWS Solution Architect Professional
- GCP Professional Cloud Architect
- IPA SC (not registered)

Kagome, Kagome,
the old man behind me, that's it.

It's my uncle. (2018)

[Internet Week 2018: What is Valuable Operation?] I attended the seminar. How to install older versions of MySQL.