Get and manage SSL certificates with Let's Encrypt

2019.01.23

2 votes, average: 1.00 / 12
1,792
X Facebook Hatena Bookmark pocket
Apache Linux command operation and maintenance

Hello! This is Shimeji from the System Solutions Department.
Are you familiar with SSL certificates?
These are digital certificates used to encrypt communication data, and they're becoming standard practice on websites these days.

However, this certificate has an expiration date, and you must renew it once it expires.
For those who find this renewal process troublesome, we recommend "Let's Encrypt," which automates the renewal process.

What is Let's Encrypt?

service is provided by the American non-profit organization ISRG.
Amazingly, certificate issuance is completely free! (Data communication charges are not included.)
It would be a shame not to use it.

Although it's a bit of a hassle, it's well worth using this service

So, here are the steps:

Installing the certbot client

Install epel
yum install epel-release
Install certbot
yum install --enablerepo=epel certbot python-certbot-apache

Obtaining a certificate

To obtain it, run the following command:

certbot certonly --webroot \ -w [Document root] \ -d [Domain name] \ -m [Email address] \ --agree-tos -n

- Please change the [Document Root], [Domain Name], and [Email Address] as needed to match your environment.
- A file will be automatically created under the document root, and authentication will be performed using that file, so please keep port 80 open.

Certificate Verification

With a single command, the certificate will be created in the following directory in an instant.
=============================================
#Server certificate
/etc/letsencrypt/live/【domain name】/cert.pem
#Private key
/etc/letsencrypt/live/【domain name】/privkey.pem
#Intermediate certificate
/etc/letsencrypt/live/【domain name】/chain.pem
==============================================
However, please note that the certificate is only valid for 3 months.

Certificate renewal

The certificate renewal will be completed with the following command

certbot renew --post-hook "systemctl reload httpd"

If you register this in cron, the certificate will be updated automatically without you having to do anything else

crontab -e [code] [code] 00 06 01 * * root /bin/certbot renew --post-hook "systemctl reload httpd"

summary

This time, I wrote about how to obtain a free SSL certificate, but Beyond also provides SSL certificate application and installation services.
hand over SSL installation and configuration to Beyond,
please contact us.

If you found this article helpful,please give it a "Like"!
2
Loading...
2 votes, average: 1.00 / 12
1,792
X Facebook Hatena Bookmark pocket

The person who wrote this article

About the author

Shimeji mushrooms

  CERTIFICATE:
    - TOEIC 835
    - LPIC304
    - AWS Solution Architect Associate
    - AWS Solution Architect Professional
    - GCP Professional Cloud Architect
    - IPA SC (not registered)

Kagome, Kagome,
who's that man behind us?

I'm an old man. (2018)

I attended the "What is Valuable Operation?" seminar at Internet Week 2018. The seminar covered how to install older versions of MySQL.