Author Topic: Certbot installation and requesting certificate (CentOS 7)  (Read 10266 times)

Certbot installation and requesting certificate (CentOS 7)
« on: September 16, 2017, 05:08:25 AM »
Hello people,
As I'm having customers asking for dedicated servers and some of them request a different OS than CentOS, I had to do it. The last customer asked for Ubuntu 16.04 LTS to run some game server and he got it. When he asked for help to install SSL on his page I got confused. I searched a bit on the internet and I found certbot, which I found very easy to use, and the strange part - it gave me a green bar certificate. Let's see the installation:
-> Installing the EPEL repo
Code:
yum -y install epel-release
-> Installing Certbot
Code:
yum -y install python-certbot-apache
-> Checking if Apache is running
Code:
systemctl status httpd
If Apache is not running use the following command to start it:
Code:
systemctl start httpd
or
Code:
service httpd start
If Apache is running just skip the above commands.
-> Check if your site is reachable using cURL:
Code:
curl your-site.com
-> Request a certificate:
Code:
certbot --apache -d your-site.com
or
Code:
certbot --apache -d your-site.com -d mail.your-site.com -d www.your-site.com -d ftp.your-site.com -d ....
Note that certbot will check if your-site.com/mail.your-site.com and others have an A record in the DNS server. If they don't, it will give an error. If everything is OK you will have to answer a few simple questions, like a recovery email if you lose your cert and whether it should always redirect to https rather than http, and you're done. Certbot is requesting certificates from Let's Encrypt.
-> Check if your SSL is working
Code:
https://www.ssllabs.com/ssltest/analyze.html?d=your-site.com&latest
-> Try to renew your SSL cert to see if it's working
Code:
certbot renew
If you get output similar to this you are OK:
Code:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
-> Adding Certbot Renew to crontab
Code:
crontab -e
-> Every 30 days 2h .... renew
Code:
30 2 * * * /usr/bin/certbot renew >> /var/log/le-renew.log
Close and save the crontab. You are done. Have fun with your new SSL certificate.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...
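
The crontab entry in the post above redirects only standard output to /var/log/le-renew.log, so error messages and the exit status of `certbot renew` are not recorded there. As an added example (not part of the original post), a wrapper that cron can call instead: it captures stderr as well, timestamps each run and returns non-zero on failure. The function names, the `--run` argument and the environment overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper around "certbot renew" (not from the original post).
# Assumed defaults mirror the paths in the post; override via the environment.
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
LOG="${LOG:-/var/log/le-renew.log}"

# classify_renewal EXIT_STATUS OUTPUT -> prints failed | not-due | renewed
# "No renewals were attempted" is the line shown in the post's sample output;
# treating any other successful run as "renewed" is this example's assumption.
classify_renewal() {
    if [ "$1" -ne 0 ]; then
        echo failed
    elif printf '%s\n' "$2" | grep -q 'No renewals were attempted'; then
        echo not-due
    else
        echo renewed
    fi
}

# Run the renewal, append a timestamped record (stdout and stderr) to $LOG,
# and return non-zero on failure so cron's MAILTO can report it.
renew_and_log() {
    rl_output="$("$CERTBOT" renew 2>&1)" && rl_status=0 || rl_status=$?
    rl_result="$(classify_renewal "$rl_status" "$rl_output")"
    {
        printf '%s result=%s exit=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$rl_result" "$rl_status"
        printf '%s\n' "$rl_output"
    } >> "$LOG"
    [ "$rl_result" != failed ]
}

# Only act when called as "<script> --run", e.g. from the crontab entry.
if [ "${1:-}" = "--run" ]; then
    renew_and_log
fi
```

Saved under a path of your choice, the script would be called with `--run` from the crontab line in place of the direct certbot command.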

Re: Certbot installation and requesting certificate (CentOS 7)
« Reply #1 on: September 16, 2017, 01:37:05 PM »
Awesome, thanks for sharing these instructions. :)
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Re: Certbot installation and requesting certificate (CentOS 7)
« Reply #2 on: February 20, 2021, 06:16:21 PM »
While creating a new certificate I get this:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

What do I do?