SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
Enable EPEL repo
You’ll need to enable the EPEL (Extra Packages for Enterprise Linux) repository.
Follow these instructions at the Fedora wiki to enable EPEL.
Enable the optional channel
If you’re using RHEL or Oracle Linux, you’ll also need to enable the optional channel. On EC2, RHEL users can enable the optional channel by running the following commands, substituting your EC2 region for REGION:
# yum -y install yum-utils
# yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
Install Certbot
# yum install certbot python2-certbot-apache
Choose how you’d like to run Certbot
Either get and install your certificates…
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
# certbot --apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: burnz.com
2: samplesite.com
3: two.samplesite.com
4: three.samplesite.com
5: four.samplesite.com
6: five.samplesite.comm
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for samplesite.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://burnz.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=burnz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/burnz.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/burnz.com/privkey.pem
Your cert will expire on 2022-05-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Or, just get a certificate
If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.
# certbot certonly --apache
Set up automatic renewal
Run the following line, which will add a cron job to the default crontab.
# echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
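Because tee -a appends, running the line above a second time leaves two renewal jobs in /etc/crontab. The following is an added example, not part of the Certbot instructions: it counts active "certbot renew" entries in a crontab file and appends the page's cron line only when none exists. The function names are hypothetical and the demo runs on a constructed temporary file.

```shell
#!/bin/sh
# Added example: keep the Certbot renewal cron entry from being duplicated.
# The cron line is the one from this page; function names are hypothetical.

CRON_LINE="0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q"

# Print how many active (non-comment) lines in crontab file $1 run "certbot renew".
count_renew_jobs() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -v '^[[:space:]]*#' "$1" | grep -c 'certbot renew' || true
}

# Append the renewal line to crontab file $1 only if no active entry exists.
ensure_renew_job() {
    if [ "$(count_renew_jobs "$1")" -eq 0 ]; then
        printf '%s\n' "$CRON_LINE" >> "$1"
    fi
}

# Demo on a constructed crontab in a temp file (not the real /etc/crontab).
demo=$(mktemp)
printf '%s\n' 'SHELL=/bin/bash' 'PATH=/sbin:/bin:/usr/sbin:/usr/bin' > "$demo"

# Plain append twice, as happens when the setup command is run again.
printf '%s\n' "$CRON_LINE" >> "$demo"
printf '%s\n' "$CRON_LINE" >> "$demo"
echo "after two plain appends: $(count_renew_jobs "$demo") renewal jobs"

# Start over and use the guarded append twice instead.
printf '%s\n' 'SHELL=/bin/bash' > "$demo"
ensure_renew_job "$demo"
ensure_renew_job "$demo"
echo "after two guarded appends: $(count_renew_jobs "$demo") renewal job"
rm -f "$demo"
```

On the server, calling ensure_renew_job /etc/crontab as root takes the place of the tee -a line, and count_renew_jobs /etc/crontab reports whether an earlier run already left more than one entry.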
Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.