Difference between revisions of "Setup free SSL from Letsencrypt"
m (Protected "Setup SSL from Letsencrypt" ([edit=sysop] (indefinite) [move=sysop] (indefinite))) |
|||
Line 10: | Line 10: | ||
You may notice that the new directory appeared: /home/user/letsencrypt. It contains scripts we need for acquiring the certs. | You may notice that the new directory appeared: /home/user/letsencrypt. It contains scripts we need for acquiring the certs. | ||
− | 3. As the free certs need to be reissued once per 3 months, | + | 3. As the free certs need to be reissued once per 3 months, it could be a good idea to add this command to cron on monthly schedule: |
− | + | cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@user.com --agree-tos --webroot --renew-by-default -w /home/user/public_html/ -d www.user.com -d user.com --authenticator webroot && cp -f /etc/letsencrypt/live/www.user.com/cert.pem /home/user/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.user.com/chain.pem /home/user/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.user.com/fullchain.pem /home/user/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.user.com/privkey.pem /home/user/ssl_certificates/privkey.pem | |
− | |||
4. If you manually execute the command above, you will have these files from Letsencrypt: | 4. If you manually execute the command above, you will have these files from Letsencrypt: |
Revision as of 15:52, 4 May 2017
Let's say we have a website "user.com" with its files located at /home/user/public_html and we want it to be secured with the free SSL certs from Letsencrypt.
1. Create a directory for the certs:
mkdir /home/user/ssl_certificates
2. Install Letsencrypt:
yum install git #in RHEL, Centos apt-get install git #in Debian, Ubuntu cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt
You may notice that the new directory appeared: /home/user/letsencrypt. It contains scripts we need for acquiring the certs.
3. As the free certs need to be reissued once per 3 months, it could be a good idea to add this command to cron on monthly schedule:
cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@user.com --agree-tos --webroot --renew-by-default -w /home/user/public_html/ -d www.user.com -d user.com --authenticator webroot && cp -f /etc/letsencrypt/live/www.user.com/cert.pem /home/user/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.user.com/chain.pem /home/user/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.user.com/fullchain.pem /home/user/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.user.com/privkey.pem /home/user/ssl_certificates/privkey.pem
4. If you manually execute the command above, you will have these files from Letsencrypt: /home/user/ssl_certificates/cert.pem
/home/user/ssl_certificates/chain.pem
/home/user/ssl_certificates/fullchain.pem
/home/user/ssl_certificates/privkey.pem
These files can be used in the webserver's conf file to have the website running over https.