Certbot with Apache: Difference between revisions
(2 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
===Objective(s)=== | ===Objective(s)=== | ||
To never have to buy an SSL certificate for a web site ever again. And as if that weren't enough, to also never have to worry about renewing the certificate either. Sound too good to be true? Well a group of people decided to do something that essentially makes that possible. | To never have to buy an SSL certificate for a web site ever again. And as if that weren't enough, to also never have to worry about renewing the certificate either. Sound too good to be true? Well a group of people decided to do something that essentially makes that possible. Thank you, thank you, thank you... | ||
==Certbot Installation & Configuration== | ==Certbot Installation & Configuration== | ||
Line 14: | Line 14: | ||
To install Certbot, type the following command;<syntaxhighlight lang="text"> | To install Certbot, type the following command;<syntaxhighlight lang="text"> | ||
yum install certbot python2-certbot-apache | yum install certbot python2-certbot-apache | ||
OR | |||
dnf install certbot | |||
...remember, in the Linux world things change over time and it also varies depending on the Linux distribution. If the above doesn't work for you, research it. It should be equivalently simple. Maybe start with: dnf search certbot | |||
Below is an example of extra packages, beyond the necessities, to choose from one may or may not need, depending on circumstances; | |||
python-certbot-dns-cloudxns-doc | |||
python-certbot-dns-dnsimple-doc | |||
python3-certbot-apache | |||
python3-certbot-dns-cloudflare | |||
python3-certbot-dns-cloudxns | |||
python3-certbot-dns-digitalocean | |||
python3-certbot-dns-dnsimple | |||
python3-certbot-dns-dnsmadeeasy | |||
python3-certbot-dns-gehirn | |||
python3-certbot-dns-linode | |||
python3-certbot-dns-luadns | |||
python3-certbot-dns-nsone | |||
python3-certbot-dns-ovh | |||
python3-certbot-dns-rfc2136 | |||
python3-certbot-dns-route53 | |||
python3-certbot-dns-sakuracloud | |||
python3-certbot-nginx | |||
</syntaxhighlight>Please note my above described environment. I also had the prerequisite configuration changes for yum configured (and I have the test system configured such that I don't have to use the SUDO command). For more details on installing for a CentOS / Apache system, look [https://certbot.eff.org/lets-encrypt/centosrhel7-apache here]. | </syntaxhighlight>Please note my above described environment. I also had the prerequisite configuration changes for yum configured (and I have the test system configured such that I don't have to use the SUDO command). For more details on installing for a CentOS / Apache system, look [https://certbot.eff.org/lets-encrypt/centosrhel7-apache here]. | ||
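Review bot: The added `dnf install certbot` line installs only the base package, while the yum line above it also installs the Apache plugin (`python2-certbot-apache`), and the `certbot --apache` command later on the page depends on that plugin. Suggest `dnf install certbot python3-certbot-apache`, which is in the package list this revision adds. The new commentary ("...remember, in the Linux world...") and the package list also sit inside the `<syntaxhighlight lang="text">` block, so they render as if they were commands; move the prose below the closing tag and keep only commands in the block.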
Line 20: | Line 46: | ||
===Obtaining a Certificate=== | ===Obtaining a Certificate=== | ||
Once Certbot is installed, it's crazy simple to obtain a certificate. As noted above, use this command;<syntaxhighlight lang="text"> | Once Certbot is installed, it's crazy simple to obtain a certificate. As noted above, use this command;<syntaxhighlight lang="text"> | ||
certbot --apache | certbot --apache (This command will make changes to the Apache configuration files) | ||
OR | OR | ||
certbot certonly | certbot certonly (Use this command if it is not desirable to have CertBot modify Apache configuration files) | ||
</syntaxhighlight>...and then follow the instructions. The first command will give one the choice of having Apache configuration files changed. The latter command only obtains a certification. Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained. The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site. DNS is another method that can be used in the "challenge" process, but it is a bit more complex. | </syntaxhighlight>...and then follow the instructions. The first command will give one the choice of having Apache configuration files changed. The latter command only obtains a certification. Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained. The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site. DNS is another method that can be used in the "challenge" process, but it is a bit more complex. | ||
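Review bot: The parenthetical explanations on the `certbot --apache` and `certbot certonly` lines are inside the `<syntaxhighlight>` block on the same line as the command, so a reader who copies the whole line pastes the comment into the shell, where the parentheses are a syntax error. Move both explanations into the paragraph after the block. That paragraph says the first command "will give one the choice" of having the Apache configuration changed, while the new annotation says it "will make changes"; pick one wording. "CertBot" should match the "Certbot" spelling used elsewhere, and "only obtains a certification" in the context line should read "certificate".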
Line 80: | Line 106: | ||
===Commands (Some are noted previously, but summarized here)=== | ===Commands (Some are noted previously, but summarized here)=== | ||
To install the certbot software (prerequisites [https://certbot.eff.org/lets-encrypt/centosrhel7-apache here]) : yum install certbot python2-certbot-apache | To install the certbot software (prerequisites [https://certbot.eff.org/lets-encrypt/centosrhel7-apache here])<span> </span>: yum install certbot python2-certbot-apache | ||
To view existing certificates: certbot certificates | To view existing certificates: certbot certificates |
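Review bot: The only change on the install line is an empty `<span> </span>` before the colon, which looks like visual-editor residue and should be dropped. The summary line also still lists only the `yum install certbot python2-certbot-apache` form, while the Line 14 hunk of this revision adds a `dnf` alternative; list both here or point back to the installation section so the two places agree.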