(Assumptions below)
# yum install -y epel-release
:
Has completed!
# yum install certbot
:
Has completed!
Run certbot to get an SSL certificate. It is fine even if no web server is installed: certbot will temporarily run its own web server.
# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
You will be asked for the administrator's contact information, so enter your email address. (This email address does not have to be related to the domain of the certificate.)
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
You will be asked to agree to the terms of service; enter y.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
You will be asked whether, once the certificate is issued, you want to share your email address with the EFF and receive news and so on. Enter y or n.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Enter the FQDN for which the certificate is to be issued.
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.example.com
The web server starts temporarily and domain validation is performed automatically. If it succeeds, the certificate files are created.
Requesting a certificate for www.example.com
Performing the following challenges:
http-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.example.com/privkey.pem
Your cert will expire on 2021-04-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
# ls -l /etc/letsencrypt/live/www.example.com/
4 in total
-rw-r--r-- 1 root root 692 January 19 19:56 README
lrwxrwxrwx 1 root root 33 January 19 19:56 cert.pem -> ../../archive/www.example.com/cert1.pem
lrwxrwxrwx 1 root root 34 January 19 19:56 chain.pem -> ../../archive/www.example.com/chain1.pem
lrwxrwxrwx 1 root root 38 January 19 19:56 fullchain.pem -> ../../archive/www.example.com/fullchain1.pem
lrwxrwxrwx 1 root root 36 January 19 19:56 privkey.pem -> ../../archive/www.example.com/privkey1.pem
To get a certificate for another FQDN, repeat the same procedure. If you enter multiple FQDNs at once, one certificate can be used for multiple subdomains (they are listed in Subject Alt Names).
# certbot certonly
:
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
:
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): mail.example.com
:
The certificate is valid for 3 months after it is issued. From 30 days before expiry, you can renew all certificates by running the following. (The example below was run before that point, so nothing is renewed.)
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/www.example.com/fullchain.pem expires on 2021-04-19 (skipped)
/etc/letsencrypt/live/mail.example.com/fullchain.pem expires on 2021-04-19 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
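To confirm that renewal is actually keeping up, the certificates on disk can be checked against the 30-day window directly. The script below is an added example, not part of the original post; the function names cert_state, make_sample_cert and report_all are hypothetical, and it assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example (not from the original page): classify a certificate against
# certbot's 30-day renewal window using openssl's -checkend test.

# cert_state PEM_FILE [WINDOW_DAYS]
# Prints OK, DUE (expires inside the window), EXPIRED or UNREADABLE.
# For fullchain.pem, openssl reads the first certificate, which is the leaf.
cert_state() {
    pem=$1
    window_days=${2:-30}
    if [ ! -r "$pem" ] || ! openssl x509 -noout -in "$pem" 2>/dev/null; then
        echo UNREADABLE; return 2
    fi
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null; then
        echo EXPIRED; return 1
    fi
    if ! openssl x509 -noout -checkend $((window_days * 86400)) -in "$pem" >/dev/null; then
        echo DUE; return 1
    fi
    echo OK
}

# Constructed sample input: a throwaway self-signed certificate valid for DAYS
# days, so the function can be tried without a real Let's Encrypt certificate.
make_sample_cert() {
    dir=$1; days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=www.example.com" \
        -keyout "$dir/privkey-$days.pem" -out "$dir/cert-$days.pem" 2>/dev/null
    echo "$dir/cert-$days.pem"
}

# Report every certificate certbot manages (run as root on the server).
report_all() {
    live=${1:-/etc/letsencrypt/live}
    for pem in "$live"/*/fullchain.pem; do
        [ -e "$pem" ] || continue
        printf '%s %s\n' "$(basename "$(dirname "$pem")")" "$(cert_state "$pem")"
    done
}
```

A certificate that stays in the DUE state for more than a day or two means "certbot renew" is not running or is failing, which is worth alerting on before the EXPIRED state is reached.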