How VPS - How to use/setup VPS
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Securing VPS/Servers

Install Let's Encrypt to Create SSL Certificates

How VPS by How VPS
November 2, 2018
in Securing VPS/Servers, SSL Certificates
0
Install Let's Encrypt to Create SSL Certificates
0
SHARES
239
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Before you Begin
  2. Download and Install Let’s Encrypt
  3. Create an SSL Certificate
    1. Check Certificate Domains
  4. Maintenance
    1. Renew SSL Certificates
    2. Automatically Renew SSL Certificates (Optional)
    3. Update Let’s Encrypt
    4. Automatically Update Let’s Encrypt (Optional)
  5. More Information
    1. Join our Community

Install Let's Encrypt to Create SSL Certificates

Install Let's Encrypt to Create SSL Certificates

Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group (ISRG). It utilizes the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates that are trusted by nearly all major browsers.

Note

For most situations, the recommended method for installing Let’s Encrypt certificates is the official Certbot tool. Certbot automates the process of obtaining and installing a certificate, and can also automatically update your web server configuration. The instructions in this guide install Let’s Encrypt and add certificates manually, which is not necessary for most users.

Before you Begin

  1. Familiarize yourself with our Getting Started guide and complete the steps for setting your Linode’s hostname and timezone.

  2. Complete the steps in our Securing Your Server guide to create a standard user account, harden SSH access, and remove unnecessary network services.

  3. Update your server’s software packages:

    CentOS

    sudo yum update && sudo yum upgrade
    

    Debian / Ubuntu

    sudo apt update && sudo apt upgrade
    

    Note

    This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Download and Install Let’s Encrypt

  1. Install the git package:

    CentOS

    sudo yum install git
    

    Debian / Ubuntu

    sudo apt-get install git
    
  2. Download a clone of Let’s Encrypt from the official GitHub repository. /opt is a common installation directory for third-party packages, so let’s install the clone to /opt/letsencrypt:

    sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
    
  3. Navigate to the new /opt/letsencrypt directory:

    cd /opt/letsencrypt
    

Create an SSL Certificate

Let’s Encrypt automatically performs Domain Validation (DV) using a series of challenges. The Certificate Authority (CA) uses challenges to verify the authenticity of your computer’s domain. Once your Linode has been validated, the CA will issue SSL certificates to you.

  1. Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command.

    sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
    

    Note

    Let’s Encrypt does not deploy wildcard certificates. Each subdomain requires its own certificate.
  2. When prompted, specify an administrative email address. This will allow you to regain control of a lost certificate and receive urgent security notices if necessary. Press ENTER or RETURN to save.

  3. Agree to the Terms of Service and specify if you would like to share your email address with EFF:

      
    -------------------------------------------------------------------------------
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    -------------------------------------------------------------------------------
    (A)gree/(C)ancel: a
    
    -------------------------------------------------------------------------------
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about EFF and
    our work to encrypt the web, protect its users and defend digital rights.
    -------------------------------------------------------------------------------
    (Y)es/(N)o: n
    
    
  4. If all goes well, a message similar to the one below will appear. Its appearance means Let’s Encrypt has approved and issued your certificates.

      
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/example.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/example.com/privkey.pem
       Your cert will expire on 2018-05-27. To obtain a new or tweaked
       version of this certificate in the future, simply run
       letsencrypt-auto again. To non-interactively renew *all* of your
       certificates, run "letsencrypt-auto renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    
    

Check Certificate Domains

  1. The output of the Let’s Encrypt script shows where your certificate is stored; in this case, /etc/letsencrypt/live:

    sudo ls /etc/letsencrypt/live
    
      
    example.com
    
    
  2. All of the domains you specified above will be covered under this single certificate. This can be verified as follows:

    ./certbot-auto certificates
    
      
    Found the following certs:
      Certificate Name: example.com
        Domains: example.com www.example.com
        Expiry Date: 2018-05-27 20:49:02+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
    
    

Maintenance

Renew SSL Certificates

  1. Return to the /opt/letsencrypt directory:

    cd /opt/letsencrypt
    
  2. Execute the command you used in Step 1 of the Create an SSL Certificate section, adding the --renew-by-default parameter:

    sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d example.com -d www.example.com
    
  3. After a few moments, a confirmation similar to the one below should appear:

      
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/example.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/example.com/privkey.pem
       Your cert will expire on 2018-05-27. To obtain a new or tweaked
       version of this certificate in the future, simply run
       letsencrypt-auto again. To non-interactively renew *all* of your
       certificates, run "letsencrypt-auto renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
        
    

    Let’s Encrypt has refreshed the lifespan of your certificates; in this example, March 31st, 2016 is the new expiration date.

Note

Let’s Encrypt certificates have a 90-day lifespan. According to Let’s Encrypt, this encourages automation and minimizes damage from key compromises. You can renew your certificates at any time during their lifespan.

Automatically Renew SSL Certificates (Optional)

You can also automate certificate renewal. This will prevent your certificates from expiring, and can be accomplished with cron.

  1. The output of the previous command shows how to non-interactively renew all of your certificates:

    ./letsencrypt-auto renew
    
  2. Set this task to run automatically once per month using a cron job:

    sudo crontab -e
    

    Add the following line to the end of the crontab file:

    crontab
    1
    
    0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

Update Let’s Encrypt

  1. Return to the /opt/letsencrypt directory:

    cd /opt/letsencrypt
    
  2. Download any changes made to Let’s Encrypt since you last cloned or pulled the repository, effectively updating it:

    sudo git pull
    

Automatically Update Let’s Encrypt (Optional)

You can also use cron to keep the letsencrypt-auto client up to date.

sudo crontab -e
crontab
1
0 0 1 * * cd /opt/letsencrypt && git pull

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

  • Let’s Encrypt Homepage

Join our Community

Find answers, ask questions, and help others.

This guide is published under a CC BY-ND 4.0 license.

How VPS

How VPS

Related Posts

How to Scan for Vulnerabilties with ClamAV
Securing VPS/Servers

How to Scan for Vulnerabilties with ClamAV

November 2, 2018
Securing VPS/Servers

Upgrading glibc for the GHOST Vulnerability

November 2, 2018
Create a Self-Signed TLS Certificate
Securing VPS/Servers

Create a Self-Signed TLS Certificate

November 2, 2018
Next Post

ccat – Show ‘cat Command’ Output with Syntax Highlighting or Colorizing

Use One-Time Passwords for Two-Factor Authentication with SSH on Ubuntu 16.04 and Debian 8

Use One-Time Passwords for Two-Factor Authentication with SSH on Ubuntu 16.04 and Debian 8

Using rdiff-backup with SSHFS

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 121 Followers
  • 87.2k Followers

Recommended

7 Quirky ‘ls’ Command Tricks Every Linux User Should Know

4 years ago

Installing HAProxy 1.7 on Debian 9.1 (Stretch)

3 years ago

How to Install Easy Hosting Control Panel on Ubuntu 16.04

3 years ago

Installing Bolt CMS on Fedora 28

3 years ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

Topics

Apache Web Server Bluehost Review 2019 Bluehost Review 2020 Bluehost Review 2021 Centmin Mod CentminMod centos install htop fsck htop install HTTP DoS attack Install Snort on an Ubuntu install Zabbix on CentOS install Zabbix on CentOS 7 Linux Commands linux guide linux install htop linux vps setup guide MariaDB MariaDB Error Mysql mysqld error optimize MariaDB optimize Mysql snort Ubuntu
No Result
View All Result

Highlights

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Webmin Reviews

Virtualmin Reviews

CentOS Web Panel Reviews

Ajenti Reviews

ISPConfig Reviews

Trending

Failed to download metadata for repo 'appstream' on Centos 8
CentOS

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

by How VPS
February 25, 2022
0

I tried to update some extensions by use yum on centOs which I specified in Dockerfile. After...

How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020
Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

February 17, 2020
Webmin Reviews

Webmin Reviews

February 17, 2020
How VPS – How to use/setup VPS

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8 February 25, 2022
  • How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”? November 17, 2020
  • How to optimize Mysql or MariaDB November 3, 2020

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

[mc4wp_form]

© 2018 JNews - City News Magazine WordPress theme. All rights belong to their respective owners.
JNews is a top selling 2018 WordPress News, Blog, Newspaper & Magazine Theme.

No Result
View All Result
  • Home

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.