Skip to main content

Get SSL Certificate (Let's Encrypt)

 Get SSL Certificates from Let's Encrypt who provides Free SSL Certificates.

Refer to the details for Let's Encrypt official site below.

⇒ https://letsencrypt.org/

By the way, expiration date of a cert is 90 days, so you must update within next 90 days later.

[1]. Install Certbot Client which is the tool to get certificates from Let's Encrypt.

[root@dlp ~]# dnf module -y install python36

[root@dlp ~]# dnf -y install gcc mod_ssl python3-virtualenv redhat-rpm-config augeas-libs libffi-devel openssl-devel

[root@dlp ~]# curl -O https://dl.eff.org/certbot-auto

[root@dlp ~]# mv certbot-auto /usr/local/bin/

[root@dlp ~]# chmod 700 /usr/local/bin/certbot-auto

[2]. Get certificates.

It needs Web server like Apache httpd or Nginx must be runing on the server you work.

If no Web server is running, skip this section and Refer to [3] section.

Furthermore, it needs that it's possible to access from the Internet to your working server on port 80 because of verification from Let's Encrypt.

# for the option [--webroot], use a directory under the webroot on your server as a working temp

# -w [document root] -d [FQDN you'd like to get certs]

# FQDN (Fully Qualified Domain Name) : Hostname.Domainname

# if you'd like to get certs for more than 2 FQDNs, specify all like below

# ex : if get [srv.world] and [dlp.srv.world]

# ⇒ -d srv.world -d dlp.srv.world

[root@dlp ~]# certbot-auto certonly --webroot -w /var/www/html -d dlp.srv.world

Bootstrapping dependencies for RedHat-based OSes that will use Python3... (you can skip this with --no-bootstrap)

dnf is /usr/bin/dnf

dnf is hashed (/usr/bin/dnf)

.....

.....

# for only initial using, register your email address and agree to terms of use

# specify valid email address

Enter email address (used for urgent renewal and security notices) 

(Enter 'c' to cancel): root@mail.srv.world 


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must

agree in order to register with the ACME server at

https://acme-v02.api.letsencrypt.org/directory

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# agree to the terms of use

(A)gree/(C)ancel: A


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Would you be willing to share your email address with the Electronic Frontier

Foundation, a founding partner of the Let's Encrypt project and the non-profit

organization that develops Certbot? We'd like to send you email about our work

encrypting the web, EFF news, campaigns, and ways to support digital freedom.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(Y)es/(N)o: Y

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for dlp.srv.world

Using the webroot path /var/www/html for all unmatched domains.

Waiting for verification...

Cleaning up challenges


IMPORTANT NOTES:

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/dlp.srv.world/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/dlp.srv.world/privkey.pem

   Your cert will expire on 2020-03-17. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot-auto

   again. To non-interactively renew *all* of your certificates, run

   "certbot-auto renew"

 - Your account credentials have been saved in your Certbot

   configuration directory at /etc/letsencrypt. You should make a

   secure backup of this folder now. This configuration directory will

   also contain certificates and private keys obtained by Certbot so

   making regular backups of this folder is ideal.

 - If you like Certbot, please consider supporting our work by:


   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le


# success if [Congratulations] is shown

# certs are created under the [/etc/letsencrypt/live/(FQDN)/] directory


# cert.pem       ⇒ SSL Server cert(includes public-key)

# chain.pem      ⇒ intermediate certificate

# fullchain.pem  ⇒ combined file cert.pem and chain.pem

# privkey.pem    ⇒ private-key file

[3]. If no Web Server is running on your working server, it's possbile to get certs with using Certbot's Web Server feature. Anyway, it needs that it's possible to access from the Internet to your working server on port 80 because of verification from Let's Encrypt.

# for the option [--standalone], use Certbot's Web Server feature

# -d [FQDN you'd like to get certs]

# FQDN (Fully Qualified Domain Name) : Hostname.Domainname

# if you'd like to get certs for more than 2 FQDNs, specify all like below

# ex : if get [srv.world] and [mail.srv.world] ⇒ -d srv.world -d mail.srv.world

[root@dlp ~]# certbot-auto certonly --standalone -d mail.srv.world

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer None

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for mail.srv.world

Waiting for verification...

Cleaning up challenges


IMPORTANT NOTES:

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/mail.srv.world/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/mail.srv.world/privkey.pem

   Your cert will expire on 2020-03-17. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot-auto

   again. To non-interactively renew *all* of your certificates, run

   "certbot-auto renew"

 - If you like Certbot, please consider supporting our work by:


   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

[4]. For Updating existing certs, Do like follows.

# update all certs which has less than 30 days expiration

# if you'd like to update certs which has more than 30 days expiration, add [--force-renew] option

[root@dlp ~]# certbot-auto renew

[5] If you'd like to convert certificates to PKCS12 (PFX) format for Windows, do like follows.

[root@dlp ~]# openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out dlp_for_iis.pfx

Enter Export Password:     # set any export password

Verifying - Enter Export Password:


Comments

Post a Comment

Popular posts from this blog

C++ How to use Date and Time

The C++ standard library does not provide a proper date type. C++ inherits the structs and functions for date and time manipulation from C. To access date and time related functions and structures, you would need to include <ctime> header file in your C++ program. There are four time-related types: clock_t, time_t, size_t , and tm . The types clock_t, size_t and time_t are capable of representing the system time and date as some sort of integer. The structure type tm holds the date and time in the form of a C structure having the following elements: struct tm { int tm_sec ; // seconds of minutes from 0 to 61 int tm_min ; // minutes of hour from 0 to 59 int tm_hour ; // hours of day from 0 to 24 int tm_mday ; // day of month from 1 to 31 int tm_mon ; // month of year from 0 to 11 int tm_year ; // year since 1900 int tm_wday ; // days since sunday int tm_yday ; // days since January 1st int tm_isdst ; // hours of daylight savin...
Post a Comment
Read more

C++ References

A reference variable is an alias, that is, another name for an already existing variable. Once a reference is initialized with a variable, either the variable name or the reference name may be used to refer to the variable. C++ References vs Pointers: References are often confused with pointers but three major differences between references and pointers are: You cannot have NULL references. You must always be able to assume that a reference is connected to a legitimate piece of storage. Once a reference is initialized to an object, it cannot be changed to refer to another object. Pointers can be pointed to another object at any time. A reference must be initialized when it is created. Pointers can be initialized at any time. Creating References in C++: Think of a variable name as a label attached to the variable's location in memory. You can then think of a reference as a second label attached to that memory location. Therefore, you can access the contents of the variabl...
Post a Comment
Read more

Lambda Function with Amazon SNS

  Amazon SNS is a service used for push notification. In this chapter, we will explain working of AWS Lambda and Amazon SNS with the help of an example where will perform the following actions − Create Topic in SNS Service and use AWS Lambda Add Topics to CloudWatch Send SNS text message on phone number given. Requisites To create Topic in SNS Service and use AWS Lambda Add Topics to CloudWatch, we need not follow the steps given below − Create Topic in SNS Create Role for permission in IAM Create AWS Lambda Function Publish to topic to activate trigger Check the message details in CloudWatch service. To send SNS text message on phone number given, we need to do the following − Add code in AWS Lambda to send message to your phone. Example In this example, we will create a topic in SNS. When details are entered in the topic to publish, AWS Lambda is triggered. The topic details are logged in CloudWatch and a message is sent on phone by AWS Lambda. Here is a basic block diagram which...
Post a Comment
Read more