Author Topic: Certbot installation and requesting certificate (CentOS 6)  (Read 19913 times)

Offline
***
Certbot installation and requesting certificate (CentOS 6)
« on: October 08, 2017, 11:30:15 AM »
Ok. Let's make our life easier with the GREEN status bar in most web browsers for FREE with Certbot from https://www.eff.org
First of all, let's get Certbot for CentOS 6 into the root directory.
Change current directory to /root:
Code: [Select]
cd /root
Download Certbot from the official website:
Code: [Select]
wget https://dl.eff.org/certbot-auto
Now let's make the file executable:
Code: [Select]
chmod a+x certbot-auto
Now let's create our first SSL Certificate:
Code: [Select]
./certbot-auto certonly --email youremail@server.com --agree-tos --renew-by-default -d your-domain.com
youremail@server.com -> replace with your real email
your-domain.com -> replace with your domain
You can create a certificate for your-domain.com, www.your-domain.com, mail.your-domain.com, ftp.your-domain.com, whatever.your-domain.com BUT ...
DOMAIN OR SUBDOMAIN MUST BE POINTED TO A RECORD IN DNS SERVER!!! SUBDOMAINS POINTED TO CNAME RECORD WILL RETURN ERROR AND THE SSL CERTIFICATE WILL NOT BE CREATED!!!

Once your SSL Certificate is created with the key, they will be placed as follows:
SSL Certificate:
Code: [Select]
/etc/letsencrypt/live/your-domain.com/fullchain.pem
SSL Key:
Code: [Select]
/etc/letsencrypt/live/your-domain.com/privkey.pem
Now let's check your SSL Certificate:
Code: [Select]
https://www.ssllabs.com/ssltest/analyze.html?d=your-site.com&latest
Let's try the renew:
Code: [Select]
./certbot-auto renew
If you get something like this:
Code: [Select]
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your-domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (skipped)
No renewals were attempted.
Then you are OK.
Let's add Certbot renew to crontab:
Code: [Select]
crontab -e
Let's set it to try the renew twice a day:
Code: [Select]
0 0,12 * * * /root/certbot-auto renew >> /var/log/le-renew.log
Close and save the crontab. You are done. Have fun with your new SSL Certificate and GREEN bar in your browser for FREE.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...
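
An added example, not part of the original post: a small shell check that reads a log like the `/var/log/le-renew.log` written by the crontab line above and classifies the most recent renew run, so a failing renewal is noticed before the certificate expires. The function names, the run delimiter and the success/failure marker strings are assumptions; only the "not due" output is taken from the post.

```shell
#!/bin/sh
# Added example: classify the most recent "certbot-auto renew" run in a log
# such as /var/log/le-renew.log. Marker strings not quoted in the post
# ("all renewals succeeded", "could not be renewed") are assumptions.

# Print only the last run; a run is assumed to begin with "Saving debug log to".
last_run() {
    awk '/^Saving debug log to /{buf=""} {buf = buf $0 "\n"} END{printf "%s", buf}' "$1"
}

# Echo one word for the last run in log file $1: failed, renewed, not-due, unknown.
renew_status() {
    run=$(last_run "$1")
    if printf '%s\n' "$run" | grep -q 'could not be renewed'; then
        echo failed
    elif printf '%s\n' "$run" | grep -q 'all renewals succeeded'; then
        echo renewed
    elif printf '%s\n' "$run" | grep -q '^No renewals were attempted'; then
        echo not-due
    else
        echo unknown   # empty or unrecognised output: treat as needing a look
    fi
}

# List certificate paths the last run skipped as not yet due.
skipped_certs() {
    last_run "$1" | sed -n 's|^ *\(/.*\.pem\) (skipped)$|\1|p'
}

# Constructed sample: an older renewed run, then the "not due" run from the post.
write_sample_log() {
    cat > "$1" <<'EOF'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (success)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/your-domain.com.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (skipped)
No renewals were attempted.
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "last run: $(renew_status "$log")"
skipped_certs "$log"
rm -f "$log"
```

The crontab line redirects only standard output, so anything certbot-auto writes to standard error never reaches the log unless `2>&1` is appended to that line.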

Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #1 on: October 09, 2017, 02:12:16 AM »
Thanks for sharing this tutorial. :)
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #2 on: October 09, 2017, 05:25:31 AM »
Note: If you are using Python 2.6.x, every time you execute certbot-auto you will see a warning that Python 2.6 is outdated or reaching its end of life and that it will not be supported in the next version of certbot-auto. Or blah blah blah blah. Don't worry. It's just a warning, not an error. It's going to show you /path/to/file/__init__.py:26 Warning: ..... If you want, you can open this file and comment out the last lines where the warning is, the whole function for warning.warn (as I remember), and you will not see this warning again. Or, if you want, you can Google how to update Python from 2.6.x to 2.7.x or 3.6.x on CentOS 6. It's a somewhat long and annoying process, but if it's gonna make you feel safe - do it. Have fun.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...

Offline
*
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #3 on: October 18, 2017, 04:19:25 PM »
Hello, I've followed your instructions and I get the message:

Creating virtual environment...
./certbot-auto: line 864: virtualenv: command not found
[root@vps ~]# pip install -U virtualenv
-bash: pip: command not found

What can I do ?
Thanks

Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #4 on: October 18, 2017, 07:04:33 PM »
Try to run "./certbot-auto" only for the first time to download and install needed files. If not working please contact me.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...

Offline
*
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #5 on: October 19, 2017, 08:34:25 AM »
Quote: Try to run "./certbot-auto" only for the first time to download and install needed files. If not working please contact me.
Thanks for the reply. I've run certbot-auto but I receive the message
"Certbot doesn't know how to automatically configure the web server on this system."

In debug log /var/log/letsencrypt/letsencrypt.log I see this :

2017-10-19 08:22:39,453:DEBUG:certbot.main:certbot version: 0.19.0
2017-10-19 08:22:39,453:DEBUG:certbot.main:Arguments: []
2017-10-19 08:22:39,453:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEnt$
2017-10-19 08:22:39,475:DEBUG:certbot.log:Root logging level set at 20
2017-10-19 08:22:39,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-10-19 08:22:39,477:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-10-19 08:22:39,598:DEBUG:certbot_apache.configurator:Apache version is 2.4.28
2017-10-19 08:22:39,646:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Could not find configuration root
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/configurator.py", line 201, in prepare
    self.version, configurator=self)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/parser.py", line 55, in __init__
    self.loc = {"root": self._find_config_root()}
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/parser.py", line 702, in _find_config_root
    raise errors.NoInstallationError("Could not find configuration root")
NoInstallationError: Could not find configuration root
2017-10-19 08:22:39,660:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 150, in prepare
    raise errors.NoInstallationError
NoInstallationError
2017-10-19 08:22:39,661:DEBUG:certbot.plugins.selection:No candidate plugin
2017-10-19 08:22:39,661:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

As default web server I have Apache + Varnish cache

What can I do ?


Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #6 on: October 19, 2017, 02:23:04 PM »
Run:
Code: [Select]
./certbot-auto certonly
With CWP, I'm not sure why, but Certbot can't find apache/apachectl to include the SSL certificates automatically. You have to put them in manually.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...

Offline
*
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #7 on: October 19, 2017, 05:55:13 PM »
Thanks, I've figured it out ...
The problem now is SNI support, because I have 3 domains on 1 IP address.
How can I enable SNI on my CWP?

Thanks

Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #8 on: October 20, 2017, 03:48:50 PM »
I have 27 domains on 1 IP, so don't worry. Different users and different domains point to different vhosts. You can create SSL Certificates for all your domains without a problem using Certbot. Have fun.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...

Offline
*
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #9 on: October 21, 2017, 02:59:54 PM »
Ah Ok !

Last question:
I'd like to use email POP on port 995 and SMTP on 465. Can you help me or suggest some resources/tips to achieve that? ;D
Thanks

Offline
***
Re: Certbot installation and requesting certificate (CentOS 6)
« Reply #10 on: October 22, 2017, 04:20:23 AM »
Since my postfix got broken by itself without my touching the server for more than 20 days, I started to use Zoho Mail. It's something like what Google was offering, but now Google Mail hosting is paid. In Zoho you get 25 free email accounts and you get +5 free accounts for every new customer you invite. Ex: You register domain1.com in Zoho and you get 25 free email accounts; from one of these 25 accounts you invite somebody@gmail.com and he (you) registers domain2.com in Zoho and you get +5 free accounts (30). Not that hard to make 500+ accounts when you have unlimited registrations of free domains. :D
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...