Date

If you run a website, it's a good idea to run it with a valid SSL certificate. There's really no execuses not to do so since it does not cost you a dime to obtain a valid SSL certificate.

You can get a free SSL certificate from Let's Encrypt. Let's Encrypt is an SSL certificate authority managed by the Internet Security Research Group. It uses the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates that are trusted by most major browsers.

This tutorial will show you how to install a free certificate from Let's Encrypt.

1. Download certbot-auto and make it executable

certbot-auto is a wrapper script that will install certbot, and obtain dependencies from your web server OS and putting others in a python virtual environment :

szeto97@myblog lets]$ wget https://dl.eff.org/certbot-auto
--2019-02-05 21:08:48--  https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 151.101.0.201, 151.101.64.201, 151.101.128.201, ...
Connecting to dl.eff.org (dl.eff.org)|151.101.0.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63606 (62K) [application/octet-stream]
Saving to: ‘certbot-auto’

100%[===================================================================================================================================================================>] 63,606      --.-K/s   in 0s      

2019-02-05 21:08:49 (177 MB/s) - ‘certbot-auto’ saved [63606/63606]

[szeto97@myblog lets]$ ls -l certbot-auto
-rw-rw-r--. 1 szeto97 szeto97 63606 Jan 30 21:51 certbot-auto
[szeto97@myblog lets]$ 
[szeto97@myblog lets]$ chmod 750 certbot-auto
[szeto97@myblog lets]$ ls -l certbot-auto
-rwxr-x---. 1 szeto97 szeto97 63606 Jan 30 21:51 certbot-auto
[szeto97@myblog lets]$ 

2. Now execute the certbot-auto script

Note that for my web server setup (Apache + CentOS 7 running on Google Cloud VM instance), it installs a bunch of dependencies and the virutal environment :

[szeto97@myblog lets]$ sudo /home/szeto97/lets/certbot-auto --apache
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /bin/yum
yum is hashed (/bin/yum)
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos.lax.quadranet.com
 * epel: mirrors.develooper.com
 * extras: repos-lax.psychz.net
 * updates: mirror.fileplanet.com
Package 1:openssl-1.0.2k-16.el7.x86_64 already installed and latest version
Package ca-certificates-2018.2.22-70.0.el7_5.noarch already installed and latest version
Package python2-pip-8.1.2-7.el7.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.4.0-6.el7_6.1 will be installed
---> Package gcc.x86_64 0:4.8.5-36.el7 will be installed
--> Processing Dependency: cpp = 4.8.5-36.el7 for package: gcc-4.8.5-36.el7.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-36.el7.x86_64
--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-36.el7.x86_64
--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-36.el7.x86_64
---> Package libffi-devel.x86_64 0:3.0.13-18.el7 will be installed
---> Package mod_ssl.x86_64 1:2.4.6-88.el7.centos will be installed
---> Package openssl-devel.x86_64 1:1.0.2k-16.el7 will be installed
--> Processing Dependency: zlib-devel(x86-64) for package: 1:openssl-devel-1.0.2k-16.el7.x86_64
--> Processing Dependency: krb5-devel(x86-64) for package: 1:openssl-devel-1.0.2k-16.el7.x86_64
---> Package python-devel.x86_64 0:2.7.5-76.el7 will be installed
---> Package python-tools.x86_64 0:2.7.5-76.el7 will be installed
--> Processing Dependency: tkinter = 2.7.5-76.el7 for package: python-tools-2.7.5-76.el7.x86_64
---> Package python-virtualenv.noarch 0:15.1.0-2.el7 will be installed
---> Package redhat-rpm-config.noarch 0:9.1.0-87.el7.centos will be installed
--> Processing Dependency: dwz >= 0.4 for package: redhat-rpm-config-9.1.0-87.el7.centos.noarch
--> Processing Dependency: zip for package: redhat-rpm-config-9.1.0-87.el7.centos.noarch
--> Processing Dependency: perl-srpm-macros for package: redhat-rpm-config-9.1.0-87.el7.centos.noarch
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-36.el7 will be installed
---> Package dwz.x86_64 0:0.11-3.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-260.el7_6.3 will be installed
--> Processing Dependency: glibc-headers = 2.17-260.el7_6.3 for package: glibc-devel-2.17-260.el7_6.3.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-260.el7_6.3.x86_64
---> Package krb5-devel.x86_64 0:1.15.1-37.el7_6 will be installed
--> Processing Dependency: libkadm5(x86-64) = 1.15.1-37.el7_6 for package: krb5-devel-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libverto-devel for package: krb5-devel-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.15.1-37.el7_6.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.15.1-37.el7_6.x86_64
---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed
---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed
---> Package perl-srpm-macros.noarch 0:1-8.el7 will be installed
---> Package tkinter.x86_64 0:2.7.5-76.el7 will be installed
--> Processing Dependency: libtk8.5.so()(64bit) for package: tkinter-2.7.5-76.el7.x86_64
--> Processing Dependency: libtcl8.5.so()(64bit) for package: tkinter-2.7.5-76.el7.x86_64
--> Processing Dependency: libTix.so()(64bit) for package: tkinter-2.7.5-76.el7.x86_64
---> Package zip.x86_64 0:3.0-11.el7 will be installed
---> Package zlib-devel.x86_64 0:1.2.7-18.el7 will be installed
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.17-260.el7_6.3 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-260.el7_6.3.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-260.el7_6.3.x86_64
---> Package keyutils-libs-devel.x86_64 0:1.5.8-3.el7 will be installed
---> Package libcom_err-devel.x86_64 0:1.42.9-13.el7 will be installed
---> Package libkadm5.x86_64 0:1.15.1-37.el7_6 will be installed
---> Package libselinux-devel.x86_64 0:2.5-14.1.el7 will be installed
--> Processing Dependency: libsepol-devel(x86-64) >= 2.5-10 for package: libselinux-devel-2.5-14.1.el7.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.5-14.1.el7.x86_64
--> Processing Dependency: pkgconfig(libpcre) for package: libselinux-devel-2.5-14.1.el7.x86_64
---> Package libverto-devel.x86_64 0:0.2.5-4.el7 will be installed
---> Package tcl.x86_64 1:8.5.13-8.el7 will be installed
---> Package tix.x86_64 1:8.4.3-12.el7 will be installed
---> Package tk.x86_64 1:8.5.13-6.el7 will be installed
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.10.0-957.5.1.el7 will be installed
---> Package libsepol-devel.x86_64 0:2.5-10.el7 will be installed
---> Package pcre-devel.x86_64 0:8.32-17.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================================================
 Package                                       Arch                             Version                                          Repository                         Size
=========================================================================================================================================================================
Installing:
 augeas-libs                                   x86_64                           1.4.0-6.el7_6.1                                  updates                           355 k
 gcc                                           x86_64                           4.8.5-36.el7                                     base                               16 M
 libffi-devel                                  x86_64                           3.0.13-18.el7                                    base                               23 k
 mod_ssl                                       x86_64                           1:2.4.6-88.el7.centos                            base                              112 k
 openssl-devel                                 x86_64                           1:1.0.2k-16.el7                                  base                              1.5 M
 python-devel                                  x86_64                           2.7.5-76.el7                                     base                              398 k
 python-tools                                  x86_64                           2.7.5-76.el7                                     base                              856 k
 python-virtualenv                             noarch                           15.1.0-2.el7                                     base                              1.7 M
 redhat-rpm-config                             noarch                           9.1.0-87.el7.centos                              base                               81 k
Installing for dependencies:
 cpp                                           x86_64                           4.8.5-36.el7                                     base                              5.9 M
 dwz                                           x86_64                           0.11-3.el7                                       base                               99 k
 glibc-devel                                   x86_64                           2.17-260.el7_6.3                                 updates                           1.1 M
 glibc-headers                                 x86_64                           2.17-260.el7_6.3                                 updates                           683 k
 kernel-headers                                x86_64                           3.10.0-957.5.1.el7                               updates                           8.0 M
 keyutils-libs-devel                           x86_64                           1.5.8-3.el7                                      base                               37 k
 krb5-devel                                    x86_64                           1.15.1-37.el7_6                                  updates                           271 k
 libcom_err-devel                              x86_64                           1.42.9-13.el7                                    base                               31 k
 libkadm5                                      x86_64                           1.15.1-37.el7_6                                  updates                           178 k
 libmpc                                        x86_64                           1.0.1-3.el7                                      base                               51 k
 libselinux-devel                              x86_64                           2.5-14.1.el7                                     base                              187 k
 libsepol-devel                                x86_64                           2.5-10.el7                                       base                               77 k
 libverto-devel                                x86_64                           0.2.5-4.el7                                      base                               12 k
 mpfr                                          x86_64                           3.1.1-4.el7                                      base                              203 k
 pcre-devel                                    x86_64                           8.32-17.el7                                      base                              480 k
 perl-srpm-macros                              noarch                           1-8.el7                                          base                              4.6 k
 tcl                                           x86_64                           1:8.5.13-8.el7                                   base                              1.9 M
 tix                                           x86_64                           1:8.4.3-12.el7                                   base                              254 k
 tk                                            x86_64                           1:8.5.13-6.el7                                   base                              1.4 M
 tkinter                                       x86_64                           2.7.5-76.el7                                     base                              326 k
 zip                                           x86_64                           3.0-11.el7                                       base                              260 k
 zlib-devel                                    x86_64                           1.2.7-18.el7                                     base                               50 k

Transaction Summary
=========================================================================================================================================================================
Install  9 Packages (+22 Dependent packages)

Total download size: 43 M
Installed size: 84 M
Is this ok [y/d/N]: y
Downloading packages:
(1/31): dwz-0.11-3.el7.x86_64.rpm                                                                                                                 |  99 kB  00:00:00     
(2/31): augeas-libs-1.4.0-6.el7_6.1.x86_64.rpm                                                                                                    | 355 kB  00:00:00     
(3/31): glibc-devel-2.17-260.el7_6.3.x86_64.rpm                                                                                                   | 1.1 MB  00:00:00     
(4/31): keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm                                                                                                |  37 kB  00:00:00     
(5/31): krb5-devel-1.15.1-37.el7_6.x86_64.rpm                                                                                                     | 271 kB  00:00:00     
(6/31): libcom_err-devel-1.42.9-13.el7.x86_64.rpm                                                                                                 |  31 kB  00:00:00     
(7/31): libffi-devel-3.0.13-18.el7.x86_64.rpm                                                                                                     |  23 kB  00:00:00     
(8/31): libkadm5-1.15.1-37.el7_6.x86_64.rpm                                                                                                       | 178 kB  00:00:00     
(9/31): libmpc-1.0.1-3.el7.x86_64.rpm                                                                                                             |  51 kB  00:00:00     
(10/31): libselinux-devel-2.5-14.1.el7.x86_64.rpm                                                                                                 | 187 kB  00:00:00     
(11/31): cpp-4.8.5-36.el7.x86_64.rpm                                                                                                              | 5.9 MB  00:00:00     
(12/31): libsepol-devel-2.5-10.el7.x86_64.rpm                                                                                                     |  77 kB  00:00:00     
(13/31): gcc-4.8.5-36.el7.x86_64.rpm                                                                                                              |  16 MB  00:00:00     
(14/31): libverto-devel-0.2.5-4.el7.x86_64.rpm                                                                                                    |  12 kB  00:00:00     
(15/31): mod_ssl-2.4.6-88.el7.centos.x86_64.rpm                                                                                                   | 112 kB  00:00:00     
(16/31): glibc-headers-2.17-260.el7_6.3.x86_64.rpm                                                                                                | 683 kB  00:00:00     
(17/31): mpfr-3.1.1-4.el7.x86_64.rpm                                                                                                              | 203 kB  00:00:00     
(18/31): openssl-devel-1.0.2k-16.el7.x86_64.rpm                                                                                                   | 1.5 MB  00:00:00     
(19/31): perl-srpm-macros-1-8.el7.noarch.rpm                                                                                                      | 4.6 kB  00:00:00     
(20/31): python-devel-2.7.5-76.el7.x86_64.rpm                                                                                                     | 398 kB  00:00:00     
(21/31): pcre-devel-8.32-17.el7.x86_64.rpm                                                                                                        | 480 kB  00:00:00     
(22/31): redhat-rpm-config-9.1.0-87.el7.centos.noarch.rpm                                                                                         |  81 kB  00:00:00     
(23/31): python-tools-2.7.5-76.el7.x86_64.rpm                                                                                                     | 856 kB  00:00:00     
(24/31): tix-8.4.3-12.el7.x86_64.rpm                                                                                                              | 254 kB  00:00:00     
(25/31): tcl-8.5.13-8.el7.x86_64.rpm                                                                                                              | 1.9 MB  00:00:00     
(26/31): tkinter-2.7.5-76.el7.x86_64.rpm                                                                                                          | 326 kB  00:00:00     
(27/31): kernel-headers-3.10.0-957.5.1.el7.x86_64.rpm                                                                                             | 8.0 MB  00:00:00     
(28/31): zip-3.0-11.el7.x86_64.rpm                                                                                                                | 260 kB  00:00:00     
(29/31): zlib-devel-1.2.7-18.el7.x86_64.rpm                                                                                                       |  50 kB  00:00:00     
(30/31): tk-8.5.13-6.el7.x86_64.rpm                                                                                                               | 1.4 MB  00:00:00     
(31/31): python-virtualenv-15.1.0-2.el7.noarch.rpm                                                                                                | 1.7 MB  00:00:00     
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                     40 MB/s |  43 MB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : mpfr-3.1.1-4.el7.x86_64                                                                                                                              1/31 
  Installing : 1:tcl-8.5.13-8.el7.x86_64                                                                                                                            2/31 
  Installing : 1:tk-8.5.13-6.el7.x86_64                                                                                                                             3/31 
  Installing : libmpc-1.0.1-3.el7.x86_64                                                                                                                            4/31 
  Installing : cpp-4.8.5-36.el7.x86_64                                                                                                                              5/31 
  Installing : 1:tix-8.4.3-12.el7.x86_64                                                                                                                            6/31 
  Installing : tkinter-2.7.5-76.el7.x86_64                                                                                                                          7/31 
  Installing : perl-srpm-macros-1-8.el7.noarch                                                                                                                      8/31 
  Installing : zlib-devel-1.2.7-18.el7.x86_64                                                                                                                       9/31 
  Installing : dwz-0.11-3.el7.x86_64                                                                                                                               10/31 
  Installing : zip-3.0-11.el7.x86_64                                                                                                                               11/31 
  Installing : libkadm5-1.15.1-37.el7_6.x86_64                                                                                                                     12/31 
  Installing : pcre-devel-8.32-17.el7.x86_64                                                                                                                       13/31 
  Installing : libsepol-devel-2.5-10.el7.x86_64                                                                                                                    14/31 
  Installing : libselinux-devel-2.5-14.1.el7.x86_64                                                                                                                15/31 
  Installing : python-devel-2.7.5-76.el7.x86_64                                                                                                                    16/31 
  Installing : libverto-devel-0.2.5-4.el7.x86_64                                                                                                                   17/31 
  Installing : libcom_err-devel-1.42.9-13.el7.x86_64                                                                                                               18/31 
  Installing : kernel-headers-3.10.0-957.5.1.el7.x86_64                                                                                                            19/31 
  Installing : glibc-headers-2.17-260.el7_6.3.x86_64                                                                                                               20/31 
  Installing : glibc-devel-2.17-260.el7_6.3.x86_64                                                                                                                 21/31 
  Installing : keyutils-libs-devel-1.5.8-3.el7.x86_64                                                                                                              22/31 
  Installing : krb5-devel-1.15.1-37.el7_6.x86_64                                                                                                                   23/31 
  Installing : 1:openssl-devel-1.0.2k-16.el7.x86_64                                                                                                                24/31 
  Installing : gcc-4.8.5-36.el7.x86_64                                                                                                                             25/31 
  Installing : python-virtualenv-15.1.0-2.el7.noarch                                                                                                               26/31 
  Installing : redhat-rpm-config-9.1.0-87.el7.centos.noarch                                                                                                        27/31 
  Installing : python-tools-2.7.5-76.el7.x86_64                                                                                                                    28/31 
  Installing : augeas-libs-1.4.0-6.el7_6.1.x86_64                                                                                                                  29/31 
  Installing : libffi-devel-3.0.13-18.el7.x86_64                                                                                                                   30/31 
  Installing : 1:mod_ssl-2.4.6-88.el7.centos.x86_64                                                                                                                31/31 
  Verifying  : 1:tcl-8.5.13-8.el7.x86_64                                                                                                                            1/31 
  Verifying  : keyutils-libs-devel-1.5.8-3.el7.x86_64                                                                                                               2/31 
  Verifying  : kernel-headers-3.10.0-957.5.1.el7.x86_64                                                                                                             3/31 
  Verifying  : mpfr-3.1.1-4.el7.x86_64                                                                                                                              4/31 
  Verifying  : python-tools-2.7.5-76.el7.x86_64                                                                                                                     5/31 
  Verifying  : 1:tix-8.4.3-12.el7.x86_64                                                                                                                            6/31 
  Verifying  : 1:mod_ssl-2.4.6-88.el7.centos.x86_64                                                                                                                 7/31 
  Verifying  : libcom_err-devel-1.42.9-13.el7.x86_64                                                                                                                8/31 
  Verifying  : krb5-devel-1.15.1-37.el7_6.x86_64                                                                                                                    9/31 
  Verifying  : libffi-devel-3.0.13-18.el7.x86_64                                                                                                                   10/31 
  Verifying  : libverto-devel-0.2.5-4.el7.x86_64                                                                                                                   11/31 
  Verifying  : 1:openssl-devel-1.0.2k-16.el7.x86_64                                                                                                                12/31 
  Verifying  : gcc-4.8.5-36.el7.x86_64                                                                                                                             13/31 
  Verifying  : python-devel-2.7.5-76.el7.x86_64                                                                                                                    14/31 
  Verifying  : libselinux-devel-2.5-14.1.el7.x86_64                                                                                                                15/31 
  Verifying  : 1:tk-8.5.13-6.el7.x86_64                                                                                                                            16/31 
  Verifying  : redhat-rpm-config-9.1.0-87.el7.centos.noarch                                                                                                        17/31 
  Verifying  : glibc-devel-2.17-260.el7_6.3.x86_64                                                                                                                 18/31 
  Verifying  : cpp-4.8.5-36.el7.x86_64                                                                                                                             19/31 
  Verifying  : python-virtualenv-15.1.0-2.el7.noarch                                                                                                               20/31 
  Verifying  : libsepol-devel-2.5-10.el7.x86_64                                                                                                                    21/31 
  Verifying  : glibc-headers-2.17-260.el7_6.3.x86_64                                                                                                               22/31 
  Verifying  : pcre-devel-8.32-17.el7.x86_64                                                                                                                       23/31 
  Verifying  : libkadm5-1.15.1-37.el7_6.x86_64                                                                                                                     24/31 
  Verifying  : zip-3.0-11.el7.x86_64                                                                                                                               25/31 
  Verifying  : dwz-0.11-3.el7.x86_64                                                                                                                               26/31 
  Verifying  : augeas-libs-1.4.0-6.el7_6.1.x86_64                                                                                                                  27/31 
  Verifying  : zlib-devel-1.2.7-18.el7.x86_64                                                                                                                      28/31 
  Verifying  : tkinter-2.7.5-76.el7.x86_64                                                                                                                         29/31 
  Verifying  : perl-srpm-macros-1-8.el7.noarch                                                                                                                     30/31 
  Verifying  : libmpc-1.0.1-3.el7.x86_64                                                                                                                           31/31 

Installed:
  augeas-libs.x86_64 0:1.4.0-6.el7_6.1             gcc.x86_64 0:4.8.5-36.el7            libffi-devel.x86_64 0:3.0.13-18.el7   mod_ssl.x86_64 1:2.4.6-88.el7.centos     
  openssl-devel.x86_64 1:1.0.2k-16.el7             python-devel.x86_64 0:2.7.5-76.el7   python-tools.x86_64 0:2.7.5-76.el7    python-virtualenv.noarch 0:15.1.0-2.el7  
  redhat-rpm-config.noarch 0:9.1.0-87.el7.centos  

Dependency Installed:
  cpp.x86_64 0:4.8.5-36.el7                   dwz.x86_64 0:0.11-3.el7                   glibc-devel.x86_64 0:2.17-260.el7_6.3   glibc-headers.x86_64 0:2.17-260.el7_6.3 
  kernel-headers.x86_64 0:3.10.0-957.5.1.el7  keyutils-libs-devel.x86_64 0:1.5.8-3.el7  krb5-devel.x86_64 0:1.15.1-37.el7_6     libcom_err-devel.x86_64 0:1.42.9-13.el7 
  libkadm5.x86_64 0:1.15.1-37.el7_6           libmpc.x86_64 0:1.0.1-3.el7               libselinux-devel.x86_64 0:2.5-14.1.el7  libsepol-devel.x86_64 0:2.5-10.el7      
  libverto-devel.x86_64 0:0.2.5-4.el7         mpfr.x86_64 0:3.1.1-4.el7                 pcre-devel.x86_64 0:8.32-17.el7         perl-srpm-macros.noarch 0:1-8.el7       
  tcl.x86_64 1:8.5.13-8.el7                   tix.x86_64 1:8.4.3-12.el7                 tk.x86_64 1:8.5.13-6.el7                tkinter.x86_64 0:2.7.5-76.el7           
  zip.x86_64 0:3.0-11.el7                     zlib-devel.x86_64 0:1.2.7-18.el7         

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

3. Enter your domain name

Once the certbot-auto script finishes bootstrapping the environment, it'll ask you a couple questions.

It'll ask you for the domain name that the certificate will be issued to, and if you want the script to modify your web config to redirect HTTP to HTTPS.

For my setup, I let it update my Apache config to redirect HTTP to HTTPS :

Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): simonszeto.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for simonszeto.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://simonszeto.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=simonszeto.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/simonszeto.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/simonszeto.com/privkey.pem
   Your cert will expire on 2019-05-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[szeto97@myblog lets]$ 

4. Set up a cron job to auto renew the certificate

Because the free certificate is valid for only 3 months, you'll need to set up a cron job to automatically renew it. For my own certificate, I have a cron job that runs on every Friday at 10:05PM to attempt to renew the certificate.

[szeto97@myblog lets]$ sudo crontab -l
05 22 * * 5 /home/szeto97/lets/certbot-auto renew >> /var/log/letsencrypt/renew.log

If the certificate is not due for renewal yet, it'll do nothing as you can see here :

[szeto97@myblog lets]$ sudo cat /var/log/letsencrypt/renew.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/simonszeto.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/simonszeto.com/fullchain.pem expires on 2019-05-07 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5. Sleep easy....

Now that you've secured your website with SSL certificate, and knowing that it will automatically renew its certificate, you can sleep easy at night :)


Comments

comments powered by Disqus