Introducing Let's Encrypt on CentOS 7

Overview

(Assumptions below)

Install certbot

# yum install -y epel-release
:
Has completed!
# yum install certbot 
:
Has completed!

Obtaining an SSL certificate

Run certbot to get an SSL certificate It's OK even if the web server is not installed certbot will temporarily run the web server

# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter](press 'c' to cancel):1

You will be asked for the contact information of the administrator, so enter your email address (This email address has nothing to do with the domain of the certificate)

Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]

You will be asked to agree to the terms of use, enter y

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

When the certificate is issued, you will be asked if you want to share your email address with the people concerned and send news etc. Enter y or n

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.

Enter the FQDN to issue the certificate

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): www.example.com

The web server will start temporarily and domain authentication will be performed automatically. If successful, a certificate file will be created

Requesting a certificate for www.example.com
Performing the following challenges:
http-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.example.com/privkey.pem
   Your cert will expire on 2021-04-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
# ls -l /etc/letsencrypt/live/www.example.com/
4 in total
-rw-r--r--1 root root 692 January 19 19:56 README
lrwxrwxrwx 1 root root 33 January 19 19:56 cert.pem -> ../../archive/www.example.com/cert1.pem
lrwxrwxrwx 1 root root 34 January 19 19:56 chain.pem -> ../../archive/www.example.com/chain1.pem
lrwxrwxrwx 1 root root 38 January 19 19:56 fullchain.pem -> ../../archive/www.example.com/fullchain1.pem
lrwxrwxrwx 1 root root 36 January 19 19:56 privkey.pem -> ../../archive/www.example.com/privkey1.pem

If you want to get a certificate with another FQDN, repeat in the same way. If you enter multiple FQDNs, you can use one certificate for multiple subdomains (listed in Subject Alt Names).

# certbot certonly
:
Select the appropriate number [1-2] then [enter](press 'c' to cancel):1
:
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mail.example.com
:

The certificate is valid for 3 months after it is obtained. You can renew all certificates 30 days ago by doing the following (The following is an example executed before that, so it will not be updated)

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/www.example.com/fullchain.pem expires on 2021-04-19 (skipped)
  /etc/letsencrypt/live/mail.example.com/fullchain.pem expires on 2021-04-19 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Recommended Posts

Introducing Let's Encrypt on CentOS 7
Get Let's Encrypt Wildcard Certificate on CentOS6
Let's encrypt installation procedure (Oracle Linux, RHEL, Centos7)
Let's touch on Java
Maven on CentOS 7 tutorial
Docker installation on CentOS 6
Use perltidy on CentOS 8
Install Golang on CentOS 8
Try OpenLiteSpeed on CentOS8
Install Neo4j 4.1.3 on centOS
Introducing Bugsnag on Heroku
Install Vertica 10.0 on CentOS 6.10
Use mod_auth_cas on CentOS 8
Install PostgreSQL 12 on Centos8
Install Python 3 on CentOS 7
Install kuromoji on CentOS7
Use bat on Centos.
Jetty v8 on CentOS7
OpenJDK installation on CentOS 7
Install Mattermost on CentOS 7
Install PostGIS 2.5.5 on CentOS7
Install jpndistrict on CentOS 7
Install Redmine 4.1.1 on CentOS 7
Smokeping Install on CentOS7
Install PostgreSQL 13 on CentOS 7.5
Let's create a gcloud development environment on a centos8 container
Make Nginx of CentOS8 SSL compatible with Let's Encrypt
Make exFat available on CentOS 7
Introducing AWS CLI to CentOS 7
Install OpenFOAM v2006 on CentOS
Set up Gitolite on CentOS 7
Install Jenkins on Docker's CentOS
Java version change on CentOS
Install Ruby 2.7 on CentOS 7 (SCL)
Perform log rotation on centos
Introducing JITSI MEET to CentOS 8
Try DPDK20 SDK on CentOS7 â‘ Install
How to deploy Laravel on CentOS 7
Enable Openjdk10 and maven on CentOS
Install Ruby 2.5 on CentOS 7 using SCL
Install Java Open JDK 8 on CentOS 7
Try putting CentOS 8 on Raspberry Pi 3
WordPress with Docker Compose on CentOS 8
Upgrade from MYSQL5.7 to 8.0 on CentOS 6.7
Use the iostat command on CentOS 8
I tried installing CentOS 8 on ESXi 6.7
Steps to install devtoolset-6 on CentOS 7
Let's Encrypt was not automatically updated
Use Docker CE (official) on CentOS 8
Install Java 9 on windows 10 and CentOS 7
I installed F-Revo CRM 7.3 on CentOS 7.7
Let's install Docker on Windows 10 and create a verification environment for CentOS 8!