Generate and Renew SSL Certificate using Certbot

by | Jun 10, 2019 | Forums | 0 comments



Lets-encrypt provide free and trusted ssl certificates  by many browsers, it has many ways to generate the certificates, mostly use the browser option to create accounts on their website, generate certificates according to the instructions provided on the web, this process is done every 90days as Letsencrypt provide the certificates for only 90days period where you have to regenerate again.


Here, we will use certbot command to generate certificate on our linux box server, we will also enable auto renewal of the certificate and no need for us to regenerate every 90days




sudo apt install certbot python3-certbot-apache




Then create the virtual file for your domain




sudo nano /etc/apache2/sites-available/your_domain.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain
    ServerAlias www.your_domain
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>




Test apache configurations if they are ok




sudo apache2ctl configtest




If ok restart apache




sudo systemctl reload apache2




If not check the error and correct it


Now lets generate the certificate using the carbot we just installed from the beginning of this tutorial




sudo certbot --apache -d your_domain -d www.your_domain




This runs certbot with the --apache plugin, using -d to specify the names you’d like the certificate to be valid for.


If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.


If that’s successful, certbot will ask how you’d like to configure your HTTPS settings:


After finishing successfully, you need nothing to do extra but just to access your site on https to test if the configurations were done ok


you can use the below command to renew the certificate and if possible add it to cron so it checks and runs for automatic renewals




sudo certbot renew




Try a dry renewal to see if renewals is done successfully on the sport before certificate expires




sudo certbot renew --dry-run




 


Hope you enjoy the tutorial


 

					

					

					



		   

		  
		  	   

					

		
Submit a Comment 
Your email address will not be published. Required fields are marked *