Topic: Certbot installation and requesting certificate (CentOS 6)

Certbot installation and requesting certificate (CentOS 6)
« on: October 08, 2017, 11:30:15 AM »
OK. Let's make our life easier with a GREEN status bar in most web browsers for FREE with Certbot from https://www.eff.org
First of all, let's get Certbot for CentOS 6 in the root directory.
Change the current directory to /root:
Code:
cd /root
Download Certbot from the official website:
Code:
wget https://dl.eff.org/certbot-auto
Now let's make the file executable:
Code:
chmod a+x certbot-auto
Now let's create our first SSL Certificate:
Code:
./certbot-auto certonly --email youremail@server.com --agree-tos --renew-by-default -d your-domain.com
youremail@server.com -> replace with a real email
your-domain.com -> replace with your domain
You can create a your-domain.com, www.your-domain.com, mail.your-domain.com, ftp.your-domain.com, whatever.your-domain.com certificate BUT ...
DOMAIN OR SUBDOMAIN MUST BE POINTED TO A RECORD IN DNS SERVER!!! SUBDOMAINS POINTED TO CNAME RECORD WILL RETURN ERROR AND THE SSL CERTIFICATE WILL NOT BE CREATED!!!

Once your SSL Certificate is created with the key, they will be placed as follows:
SSL Certificate:
Code:
/etc/letsencrypt/live/your-domain.com/fullchain.pem
SSL Key:
Code:
/etc/letsencrypt/live/your-domain.com/privkey.pem
Now let's check your SSL Certificate:
Code:
https://www.ssllabs.com/ssltest/analyze.html?d=your-site.com&latest
Let's try the renew:
Code:
./certbot-auto renew
If you get something like this:
Code:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your-domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (skipped)
No renewals were attempted.
Then you are OK.
Let's add Certbot renew to crontab:
Code:
crontab -e
Let's set it to try the renew twice a day:
Code:
0 0,12 * * * /root/certbot-auto renew >> /var/log/le-renew.log
Close and save the crontab. You are done. Have fun with your new SSL Certificate and GREEN bar in your browser for FREE.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...
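An independent check for the renewal cron job in the tutorial above, as an added example that is not part of the original post: it asks openssl when the certificate at the tutorial's path expires, so a renew that keeps failing is noticed before the certificate lapses. The function names and the 20-day threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): expiry check for the
# certificate that the renew cron job is expected to keep fresh.
# Assumes the openssl command-line tool is installed.

# cert_status FILE DAYS -> prints one word, returns the matching code:
#   ok (0)        valid for more than DAYS days
#   expiring (1)  expires within DAYS days, or has already expired
#   missing (2)   FILE does not exist or is not readable
#   invalid (3)   FILE is not a parseable X.509 certificate
cert_status() {
    cert=$1
    days=$2
    if [ ! -r "$cert" ]; then
        echo missing; return 2
    fi
    # Parse first so a corrupt file is not reported as merely expiring.
    # For fullchain.pem openssl reads the first certificate (the leaf).
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo invalid; return 3
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -noout -checkend $((days * 86400)) -in "$cert" >/dev/null 2>&1; then
        echo ok; return 0
    fi
    echo expiring; return 1
}

# cert_report FILE DAYS -> one log-friendly line: status plus notAfter date.
cert_report() {
    status=$(cert_status "$1" "$2") && rc=0 || rc=$?
    end=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2)
    echo "cert=$1 status=$status notAfter=${end:-unknown}"
    return "$rc"
}

# Check the tutorial's certificate path when it exists on this host.
# The 20-day threshold is a hypothetical choice for this example.
CERT=/etc/letsencrypt/live/your-domain.com/fullchain.pem
if [ -e "$CERT" ]; then
    cert_report "$CERT" 20 || echo "renewal needs attention: $CERT" >&2
fi
```

Run from cron as root (the live directory is readable by root only), a non-zero exit code can drive whatever alerting the host already has.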

Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #1 on: October 09, 2017, 02:12:16 AM »
Thanks for sharing this tutorial. :)
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #2 on: October 09, 2017, 05:25:31 AM »
Note: If you are using Python 2.6.x, every time you execute certbot-auto you will see a warning that Python 2.6 is outdated or going to its end of life and in the next version of certbot-auto it will not be supported. Or blah blah blah blah. Don't worry. It's just a warning, not an error. It's going to show you /path/to/file/__init__.py:26 Warning: ..... If you want, you can open this file and comment out the last lines where the warning is. The whole function for warning.warn (as I remember) and you will not see this warning again. Or, if you want, you can Google how to update Python from 2.6.x to 2.7.x or 3.6.x on CentOS 6. A little bit long and annoying process, but if it's gonna make you feel safe - do it. Have fun.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...