Let's Encrypt Installation with Apache

Setup Let’s Encrypt to Create SSL Certificates

Before you Begin

  1. Complete the steps for setting your Server / VPS hostname and timezone.
  2. Complete the steps in our Securing Your Server guide to create a standard user account, harden SSH access, and remove unnecessary network services.
  3. Update your server’s software packages:
    CentOS
    Debian / Ubuntu

Download and Install Let’s Encrypt

  1. Install the git package:
    CentOS
    Debian / Ubuntu
  2. Download a clone of Let’s Encrypt from the official GitHub repository. /opt is a common installation directory for third-party packages, so let’s install the clone to /opt/letsencrypt:
  3. Navigate to the new /opt/letsencrypt directory:

Create an SSL Certificate

Let’s Encrypt automatically performs Domain Validation (DV) using a series of challenges. The Certificate Authority (CA) uses challenges to verify the authenticity of your computer’s domain. Once your Linode has been validated, the CA will issue SSL certificates to you.

  1. Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command.
  2. When prompted, specify an administrative email address. This will allow you to regain control of a lost certificate and receive urgent security notices if necessary. Press ENTER or RETURN to save.
  3. Agree to the Terms of Service and specify if you would like to share your email address with EFF:
  4. If all goes well, a message similar to the one below will appear. Its appearance means Let’s Encrypt has approved and issued your certificates.

Check Certificate Domains

  1. The output of the Let’s Encrypt script shows where your certificate is stored; in this case, /etc/letsencrypt/live:
  2. All of the domains you specified above will be covered under this single certificate. This can be verified as follows:
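
One way to check which domains a certificate covers and how long it remains valid, for example after the monthly cron renewal described under Maintenance. This is an added example, not part of the original guide; it assumes the openssl command-line tool is installed, and the function names and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the openssl CLI is installed.

# Print every DNS name in the certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if DOMAIN is listed verbatim among the certificate's SANs.
cert_covers() {
    cert_sans "$1" | grep -qxF "$2"
}

# Succeed if the certificate expires within DAYS days (an unreadable file also counts).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_cert CERT DAYS DOMAIN...: print problems, return non-zero if any were found.
check_cert() {
    cert=$1; days=$2; shift 2
    status=0
    for d in "$@"; do
        cert_covers "$cert" "$d" || { echo "MISSING: $d not in $cert"; status=1; }
    done
    if cert_expires_within "$cert" "$days"; then
        echo "RENEW: $cert expires within $days days"; status=1
    fi
    return "$status"
}

# Constructed sample input: a throwaway self-signed certificate valid for 30 days,
# written to DIR/cert.pem, so the checks can be tried without a real certificate.
make_sample_cert() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = example.com
[v3]
subjectAltName = DNS:example.com,DNS:www.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}
```

With a 90-day certificate and a monthly renewal job, running `check_cert` with a 30-day threshold against the certificate file under /etc/letsencrypt/live (file name assumed to be cert.pem) reports a renewal that silently failed before the certificate expires.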

Maintenance

Renew SSL Certificates

  1. Return to the /opt/letsencrypt directory:
  2. Execute the command you used in Step 1 of the Create an SSL Certificate section, adding the --renew-by-default parameter:
  3. After a few moments, a confirmation similar to the one below should appear:
    Let’s Encrypt has refreshed the lifespan of your certificates; in this example, March 31st, 2016 is the new expiration date.

Note

Let’s Encrypt certificates have a 90-day lifespan. According to Let’s Encrypt, this encourages automation and minimizes damage from key compromises. You can renew your certificates at any time during their lifespan.

Automatically Renew SSL Certificates (Optional)

You can also automate certificate renewal. This will prevent your certificates from expiring, and can be accomplished with cron.

  1. The output of the previous command shows how to non-interactively renew all of your certificates:
  2. Set this task to run automatically once per month using a cron job:
    Add the following line to the end of the crontab file:

    crontab

Update Let’s Encrypt

  1. Return to the /opt/letsencrypt directory:
  2. Download any changes made to Let’s Encrypt since you last cloned or pulled the repository, effectively updating it:

Automatically Update Let’s Encrypt (Optional)

You can also use cron to keep the letsencrypt-auto client up to date.

crontab

Done!

Now change the certificate file paths in your Apache configuration file and restart Apache or your web service. 🙂
