Introduction
This page describes how Alexis Huxley obtains and renews LetsEncrypt-based SSL certificates. It is all to be executed on the front-end web server (not any back-end servers).
Installation
- Run:
apt-get install certbot python-certbot-apache
- If not already done then run:
a2enmod ssl
systemctl restart apache2
Per-vhost
This section assumes that /etc/apache2/sites-enabled/<vhost>-ssl.conf was set up according to Configuring web services (revision 2).
- Ensure that the website is accessible from the outside (for me this means making changes on my firewall/router).
- Ensure that the website is accessible via http and https (even if http redirects to https).
- Define variables:
WEBSITENAME=<name-of-website> # e.g. WEBSITENAME=home.pasta.freemyip.com
- Run:
certbot certonly --apache -d "$WEBSITENAME"
and follow the prompts.
- Expect to see:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at: ...
- Edit /etc/apache2/sites-available/$WEBSITENAME-ssl.conf and comment out these lines:
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
and uncomment these lines:
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<websitename>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<websitename>/privkey.pem
- Run:
systemctl reload apache2
- Restart your browser (Chromium, for example, does not detect when a certificate becomes valid).
- Visit your site and verify the certificate is now valid.
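The comment/uncomment edit above is easy to leave half done, for example with the Let's Encrypt certificate active but the snakeoil key still in place. The following script is an added example, not part of the original procedure: it checks which certificate directives are active in a vhost file. The function names, the sample vhost and the hostname www.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which certificate directives are active in a vhost file.

# Print the uncommented values of directive $2 in file $1, space-separated.
# Directive names are matched case-insensitively, as Apache does.
active_values() {
    awk -v d="$2" 'tolower($1) == tolower(d) { out = out (out ? " " : "") $2 }
                   END { print out }' "$1"
}

# check_vhost_certs FILE SITENAME
# Returns 0 only if the Let's Encrypt files for SITENAME are the sole active
# certificate and key and the certbot options file is included.
check_vhost_certs() {
    conf=$1; site=$2; rc=0
    live="/etc/letsencrypt/live/$site"
    for pair in "SSLCertificateFile:$live/fullchain.pem" \
                "SSLCertificateKeyFile:$live/privkey.pem"; do
        directive=${pair%%:*}; want=${pair#*:}
        got=$(active_values "$conf" "$directive")
        if [ "$got" != "$want" ]; then
            echo "$directive: want $want, active: ${got:-none}"
            rc=1
        fi
    done
    case " $(active_values "$conf" Include) " in
        *" /etc/letsencrypt/options-ssl-apache.conf "*) ;;
        *) echo "Include /etc/letsencrypt/options-ssl-apache.conf not active"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: a half-edited vhost where the snakeoil key is still active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/www.example.org/fullchain.pem
    #SSLCertificateKeyFile /etc/letsencrypt/live/www.example.org/privkey.pem
</VirtualHost>
EOF
check_vhost_certs "$sample" www.example.org || echo "vhost still needs editing"
rm -f "$sample"
```

On the server, call check_vhost_certs with /etc/apache2/sites-available/$WEBSITENAME-ssl.conf and "$WEBSITENAME"; running apache2ctl configtest afterwards checks the syntax before the reload.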