0% found this document useful (0 votes)

100 views

LetsEncrypt Project Instructions

The document provides instructions for installing an SSL certificate on a CentOS 7 server running Apache. It outlines prerequisites including having a valid domain with DNS records. It then details steps such as installing Apache and the Certbot application, requesting an SSL certificate from Let's Encrypt using Certbot, and testing the secure connection. The goal is to enable HTTPS for improved security on the website hosted by the Apache server.

Uploaded by

Mawonsosungue

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

100 views

LetsEncrypt Project Instructions

Uploaded by

Mawonsosungue

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 11

Installing an SSL Certificate on CentOS Running Apache

Companion Video:

Visit the following page for a video demonstration and walkthrough of the process outlined below:
https://www.linuxtrainingacademy.com/install-ssl-certificate-centos-rhel-apache/

Goal:

The goal of this project is to install a valid SSL Certificate on a CentOS 7 Linux server running the
Apache web server.

Background and Prerequisites:

This tutorial assumes you are using a CentOS 7 Linux system on the public Internet with a valid DNS
A or CNAME record. An A record simply maps a domain name to the IP address of the device
hosting that domain. For example, the A record for demo.linuxtrainingacademy.com is
104.236.177.6. A CNAME, which stands for Canonical Name, an alias for another domain. For
example, courses.linuxtrainingacademy.com is a CNAME that points to
www.linuxtrainingacademy.com. The DNS name of www.linuxtrainingacademy.com, in turn, has an
A Record of 104.236.177.6.

NOTE: This tutorial demonstrates the installation of an SSL certificate for the
demo.linuxtrainingacademy.com domain. Even though this domain will be used throughout this
tutorial, you must use your own domain when following along.

Instructions:

Connect to the Server as Root

Many of the commands you will be executing will require root privileges. Connect to your Linux
server as the root user. If you log with another account, switch to the root account. You can switch
to the root account with the su command:

su -

http://www.LinuxTrainingAcademy.com
Install Apache

Start off by installing the Apache HTTP Server. You'll also need to install "mod_ssl" to add SSL
support to Apache.

yum install -y httpd mod_ssl
Start and Enable the Web Server

Now that the web server is installed, you can go ahead and start it. You also want it to start on boot,
so enable the service as well.

systemctl s
tart httpd
systemctl e nable httpd

You can verify the web server started by checking its status.

systemctl status httpd

You can also use the is-active option to systemctl.

systemctl is-active httpd

Create a Sample Web Page

Create an index.html file in the DocumentRoot of the web server.

echo demo > /var/www/html/index.html

Allow Inbound HTTP Traffic

If you are using the local Linux firewall, run the following commands to allow HTTP and HTTPS
traffic:

firewall-cmd -
-permanent - -zone=public - -add-service=http
firewall-cmd - -permanent - -zone=public - -add-service=https
firewall-cmd - -reload

http://www.LinuxTrainingAcademy.com
Test the Web Server

Open up a web browser and connect to your server. Remember, that you should have a DNS
record associated with your server.

First, connect using the HTTP protocol. In this example, I am using
http://demo.linuxtrainingacademy.com, but you should use your domain.

Next, connect using the HTTPS protocol. In this example, I am using
https://demo.linuxtrainingacademy.com, but you should use your domain.

http://www.LinuxTrainingAcademy.com

You will get an error or warning from the web browser because the server is using a self-signed SSL
certificate. That certificate was created by post installation script from the mod_ssl package.

You can also check the web server from the command line using the curl utility:

curl h
ttp://demo.linuxtrainingacademy.com
curl h ttps://demo.linuxtrainingacademy.com

Curl will also generate an error due to the self-signed SSL certificate. You can use the -k option to
force curl to ignore the invalid SSL cert.

curl -k https://demo.linuxtrainingacademy.com

Install the Certbot Application

You're going to use the Certbot application to generate an SSL certificate. It's not part of the base
Linux distribution, but it is available in the EPEL repository. EPEL stands for Extra Packages for
Enterprise Linux and it's a Fedora project that builds and maintains quality 3rd party packages for
RHEL based distributions such as CentOS. To add the EPEL repository to your system, simply run
the following command.

yum install -y epel-release

Now that you've added the EPEL repository, install the Certbot application.

yum install -y certbot

By the way, if you are unsure of the package name, you can also search for it with yum.

yum search certbot

If you're still not sure which package is the right one, you can get more detailed information with the
yum info command.

yum info certbot

http://www.LinuxTrainingAcademy.com
Install the Apache Certbot Plugin

The Certbot application has a few different plugins that allow it to automatically update the
configuration for the web server you are using. Since we are using Apache, we'll install the Apache
Certbot plugin.

yum install -y python2-certbot-apache

(NOTE: If you are using NGINX, you would install the NGINX plugin which is provided by the
python2-certbot-nginx package.)

Request an SSL Certificate from Let's Encrypt

To request the initial SSL Certificate execute the certbot command. If you run the command
without any options and you will be prompted for all of the required information. Because we
already know that we're using the Apache web server we can specify that on the command line with
the "--apache" option. You can also specify your domain with the "-d" option followed by your
domain. (Remember, to use YOUR domain name, not demo.linuxtrainingacademy.com.)

certbot --apache -d demo.linuxtrainingacademy.com

If you want to force all traffic to HTTPS, be sure to choose the "Secure" HTTPS access option when
prompted. If you want to allow both HTTP and HTTPS traffic, choose the "Easy" option.

On the following page is an example execution of the Certbot application including the output it
generated. The characters in bold were typed in as input.

[This space intentionally left blank. Instructions continue on the following page.]

http://www.LinuxTrainingAcademy.com
[root@demo ~]# certbot --apache -d demo.linuxtrainingacademy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):[email protected]
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for demo.linuxtrainingacademy.com

We were unable to find a vhost with a ServerName or Address of
demo.linuxtrainingacademy.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf | | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Waiting for verification...
Cleaning up challenges

We were unable to find a vhost with a ServerName or Address of
demo.linuxtrainingacademy.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf | | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Deploying Certificate for demo.linuxtrainingacademy.com to VirtualHost
/etc/httpd/conf.d/ssl.conf

Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------

http://www.LinuxTrainingAcademy.com
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://demo.linuxtrainingacademy.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=demo.linuxtrainingacademy.com
-------------------------------------------------------------------------------

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/demo.linuxtrainingacademy.com/fullchain.pem.
Your cert will expire on 2017-11-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

[root@demo ~]#

Verify the SSL Certificate

Open up a web browser and connect to your server over HTTPS. In this example, I am using
https://demo.linuxtrainingacademy.com, but remember to use your domain. If the certificate
installation was successful you will not receive any errors or warnings about the SSL certificate. Use
your web browser to view the certificate details.

http://www.LinuxTrainingAcademy.com
You can also check the web server from the command line using the curl utility:

curl https://demo.linuxtrainingacademy.com

If the certificate is valid curl will return the contents of the web site without any errors or warnings.

By the way, the certificate files generated by the Certbot application are stored in the
/etc/letsencrypt/live directory. The Certbot application will create a subdirectory for each
set of certificates created.

find /etc/letsencrypt/live

Harden the Apache SSL Configuration - OPTIONAL

At the time that this document was written, the default Apache SSL configuration that is used on
CentOS doesn't account for certain security issues such as the Poodle Vulnerability and Heartbleed.
To address these security issues you'll need to update the Apache SSL configuration.

Open the /etc/httpd/conf.d/ssl.conf file or whichever Virtual Host file you selected when
prompted during the Let's Encrypt request process. Feel free to use your favorite text editor such as
nano, emacs, or vim. (I'm a huge of vim.)

vim /etc/httpd/conf.d/ssl.conf

Next, delete or comment out the line that starts with SSLProtocol. To comment out a line, simply
insert a # at the beginning of that line.

# I
nsecure:
# S SLProtocol all -SSLv2

Now add the more secure version of the SSLProtocol configuration.

# Secure:
SSLProtocol all -SSLv2 -SSLv3

Next, delete or comment out the line that starts with SSLCipherSuite.

# I
nsecure:
# S SLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

http://www.LinuxTrainingAcademy.com
Now add the more secure version of the SSLCipherSuite configuration.

# Secure:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

For complete details on what these settings do, read this.

Make sure that the configuration is correct and that there are no errors. If the configuration is valid
the output of the apachectl command will be "Syntax OK". If there is an error such as a typing
mistake, fix it before continuing.

apachectl configtest

Restart the Apache web server so that it uses the updated configuration.

systemctl restart httpd

Renewing SSL Certificates

SSL Certificates issued by Let's Encrypt are valid for 90 days. To attempt an SSL Certificate
renewal, use the Certbot application.

certbot renew

Certbot will renew all previously obtained certs that expire in less than 30 days. It will also restart
Apache if any certificates are renewed.

Configure Auto Renewal Using Cron

If you don't want to manually renew your SSL certificates, create a cron job that attempts the
renewals daily. This can save you from forgetting to renew your certificate and having your website
visitors get an Expired SSL Certificate error or warning when they visit your site.

Execute the following command to edit the crontab.

crontab -e

http://www.LinuxTrainingAcademy.com
Insert the following configuration. It tells crontab to execute the "certbot renew" command every
day at midnight and save the output to the /var/log/certbot.cronlog file.

# R
enew S SL Certificates Daily
0 0 * * * /usr/bin/certbot renew &>/var/log/certbot.cronlog

Save your changes. To check that the cron configuration has been updated run the following
command.

crontab -l

For reference, below is the crontab format. The first five fields are the time specification. They are
minutes, hour, day of the month, month, and day of the week. After the time specification, you
provide the command to be executed. The command will only be executed when all of the time
specification fields match the current date and time. Typically, one or more of the time specification
fields will contain an asterisk (*) which matches any time or date for that field.

* * * * * command
| | | | |
| | | | +-- Day of the Week (0-6)
| | | +---- Month of the Year (1-12)
| | +------ Day of the Month (1-31)
| +-------- Hour (0-23)
+---------- Minute (0-59)

Configure Auto Renewal Using Systemd Timers - OPTIONAL

NOTE: You only need to schedule automatic SSL cert renewals using either the cron method or the
systemd timers method, not both.

The certbot package includes a certbot-renew systemd service. When you start the service, it
attempts to renew the SSL certs on the system just as if you executed "certbot renew" on the
command line. This service is not like most services because it executes and then immediately
exits. It is not a background service that runs all the time.

systemctl start certbot-renew.service

When you check the status of the service it will report "inactive."

systemctl status certbot-renew.service

http://www.LinuxTrainingAcademy.com
The certbot package also includes a systemd timer that will execute the certbot-renew.service daily.
First, start the timer and then enable it so that the timer starts on boot.

systemctl s
tart certbot-renew.timer
systemctl e nable certbot-renew.timer

You can view the status of the systemd timers using the following command.

systemctl list-timers

Congratulations!

At this point, you should have a valid SSL certificate that will be automatically renewed.

Additional Resources

If you enjoyed this tutorial, then you will also enjoy one of our many courses available at
https://courses.linuxtrainingacademy.com.

http://www.LinuxTrainingAcademy.com

LPI 303-200: Security
100% (1)
LPI 303-200: Security
39 pages
Payment Gateway Implementation
100% (2)
Payment Gateway Implementation
14 pages
Generating A Certificate Signing Request (CSR) : Certificates
100% (1)
Generating A Certificate Signing Request (CSR) : Certificates
4 pages
Enabling SSL For AWS EC2 Instances
No ratings yet
Enabling SSL For AWS EC2 Instances
2 pages
Rfid Project Report
100% (1)
Rfid Project Report
65 pages
Installing An SSL Certificate On AlmaLinux9 Running Nginx
No ratings yet
Installing An SSL Certificate On AlmaLinux9 Running Nginx
10 pages
Installing An SSL Certificate On AlmaLinux9 Running Nginx
No ratings yet
Installing An SSL Certificate On AlmaLinux9 Running Nginx
10 pages
How To Secure Apache With Let'S Encrypt On Centos 8
No ratings yet
How To Secure Apache With Let'S Encrypt On Centos 8
14 pages
How to Install an SSL Certificate on an AlmaLinux Server With Nginx Using Let’s Encrypt _ Linux Training Academy
No ratings yet
How to Install an SSL Certificate on an AlmaLinux Server With Nginx Using Let’s Encrypt _ Linux Training Academy
12 pages
Evaluation of Some Cloud Based Virtual Private Server (VPS) Providers
From Everand
Evaluation of Some Cloud Based Virtual Private Server (VPS) Providers
Dr. Hidaia Mamood Alassouli
No ratings yet
Evaluation of Some Cloud Based Virtual Private Server (VPS) Providers
From Everand
Evaluation of Some Cloud Based Virtual Private Server (VPS) Providers
Dr. Hidaia Mahmood Alassouli
No ratings yet
Generate Apache SSL Certificate Files
No ratings yet
Generate Apache SSL Certificate Files
15 pages
Red Hat Linux Guide
No ratings yet
Red Hat Linux Guide
7 pages
Secure Nginx With Let's Encrypt SSL On Debian 10 - 11
No ratings yet
Secure Nginx With Let's Encrypt SSL On Debian 10 - 11
3 pages
A Guide On How To Setup An Apache Virtual-Host Using A Self-Signed Certificate
No ratings yet
A Guide On How To Setup An Apache Virtual-Host Using A Self-Signed Certificate
7 pages
Secure Nginx With Let's Encrypt SSL On Debian 10 - 11
No ratings yet
Secure Nginx With Let's Encrypt SSL On Debian 10 - 11
3 pages
LINUX HTTPS Server-Client, With SSL Encryption, Port 443 Requests
100% (1)
LINUX HTTPS Server-Client, With SSL Encryption, Port 443 Requests
33 pages
How To Secure Apache With Let's Encrypt On Ubuntu 18
No ratings yet
How To Secure Apache With Let's Encrypt On Ubuntu 18
8 pages
How To Install Custom SSL
No ratings yet
How To Install Custom SSL
2 pages
SSL Certificates With Apache 2 On Ubuntu 12.04 (Precise Pangolin)
No ratings yet
SSL Certificates With Apache 2 On Ubuntu 12.04 (Precise Pangolin)
6 pages
Get SSL Certificate with Certbot — Code Done Right!
No ratings yet
Get SSL Certificate with Certbot — Code Done Right!
6 pages
SSL Certificate installation on linux centos
No ratings yet
SSL Certificate installation on linux centos
3 pages
Configuration of a Simple Samba File Server, Quota and Schedule Backup
From Everand
Configuration of a Simple Samba File Server, Quota and Schedule Backup
Dr. Hedaya Alasooly
No ratings yet
How To Create A SSL Certificate On Apache For Debian 7 PDF
No ratings yet
How To Create A SSL Certificate On Apache For Debian 7 PDF
4 pages
VPS Server Setup
From Everand
VPS Server Setup
L Mohan Arun
5/5 (1)
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless
From Everand
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless
Slava Gomzin
No ratings yet
How To Secure Apache With Let's Encrypt On Ubuntu 20.04 - DigitalOcean
No ratings yet
How To Secure Apache With Let's Encrypt On Ubuntu 20.04 - DigitalOcean
19 pages
Apache Web Server Tutorial For Linux: Search
No ratings yet
Apache Web Server Tutorial For Linux: Search
18 pages
Install Letsencrypt Certificate On Ubuntu
No ratings yet
Install Letsencrypt Certificate On Ubuntu
2 pages
Installation SSL Certificates and Coturn For OpenMeetings 7.0.0 On Ubuntu 22.04 Lts
No ratings yet
Installation SSL Certificates and Coturn For OpenMeetings 7.0.0 On Ubuntu 22.04 Lts
10 pages
Centos 7-8 Installation SSL Certificates and Coturn For OpenMeetings 5.0.0-M3
No ratings yet
Centos 7-8 Installation SSL Certificates and Coturn For OpenMeetings 5.0.0-M3
10 pages
Installation SSL Certificates For OpenMeetings 7.1.0 On Ubuntu 22.04 Lts
No ratings yet
Installation SSL Certificates For OpenMeetings 7.1.0 On Ubuntu 22.04 Lts
7 pages
Apache How To Setup Https SSL
No ratings yet
Apache How To Setup Https SSL
12 pages
Manually Install An SSL Certificate On My Apache Server
No ratings yet
Manually Install An SSL Certificate On My Apache Server
2 pages
Generating SSL Certificate
No ratings yet
Generating SSL Certificate
8 pages
Installation SSL Certificates and Coturn For OpenMeetings 5.0.0-M3
No ratings yet
Installation SSL Certificates and Coturn For OpenMeetings 5.0.0-M3
10 pages
Hands On Labs+: Apache and Self Signed SSL Certificates
No ratings yet
Hands On Labs+: Apache and Self Signed SSL Certificates
13 pages
Build Your First Home Server
From Everand
Build Your First Home Server
R.R. Arnob
No ratings yet
SSL Apache Howto
No ratings yet
SSL Apache Howto
10 pages
Setting Up An SSL Server With Apache2
No ratings yet
Setting Up An SSL Server With Apache2
4 pages
Linux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your Certification
From Everand
Linux DevOps Tools Engineer (701) Practice Tests: 400 Questions to Ace Your Certification
Steve Brown
No ratings yet
Configuration of a Simple Samba File Server, Quota and Schedule Backup
From Everand
Configuration of a Simple Samba File Server, Quota and Schedule Backup
Dr. Hidaia Mahmood Alassouli
No ratings yet
Configuration of Apache Server To Support ASP
From Everand
Configuration of Apache Server To Support ASP
Dr. Hedaya Mahmood Alasooly
No ratings yet
Configuration
No ratings yet
Configuration
7 pages
Apache Upgrade For Content Server
No ratings yet
Apache Upgrade For Content Server
6 pages
A concise guide to PHP MySQL and Apache
From Everand
A concise guide to PHP MySQL and Apache
alasdair gilchrist
4/5 (2)
CONFIGURATION OF APACHE SERVER TO SUPPORT ASP
From Everand
CONFIGURATION OF APACHE SERVER TO SUPPORT ASP
DR. HIDAIA MAHMOOD ALASSOULI
No ratings yet
How To Create A SSL Certificate On Apache For Ubuntu 12.04: Help & Community
No ratings yet
How To Create A SSL Certificate On Apache For Ubuntu 12.04: Help & Community
3 pages
Install Certificate With Lets Encripty
No ratings yet
Install Certificate With Lets Encripty
6 pages
Vps Toolkit
From Everand
Vps Toolkit
Davide Gatti
No ratings yet
Rhel Advanced Linux Cheat Sheet r3v1
No ratings yet
Rhel Advanced Linux Cheat Sheet r3v1
5 pages
Rheladvancedlinux Cheat Sheet r3v1
No ratings yet
Rheladvancedlinux Cheat Sheet r3v1
5 pages
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
From Everand
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
Ian Taylor
No ratings yet
Mastering Go Network Automation
From Everand
Mastering Go Network Automation
Ian Taylor
No ratings yet
apache-ssl-exercises
No ratings yet
apache-ssl-exercises
3 pages
Opsætning Af SSL-Apache
No ratings yet
Opsætning Af SSL-Apache
4 pages
Pki Openssl
100% (1)
Pki Openssl
11 pages
Comandos Server Test
No ratings yet
Comandos Server Test
2 pages
basic-http-config
No ratings yet
basic-http-config
1 page
Tencent-Cloud 1007 36568 en
No ratings yet
Tencent-Cloud 1007 36568 en
59 pages
Create a Web Server That Pulls a Certificate From c2b2116d00d148888a7ac9c58e07c6e9
No ratings yet
Create a Web Server That Pulls a Certificate From c2b2116d00d148888a7ac9c58e07c6e9
5 pages
Entry Part of Holistic Repord Card in Banglar Shiksha Portal
No ratings yet
Entry Part of Holistic Repord Card in Banglar Shiksha Portal
15 pages
How To Install ITIC and TADDM Adapter
No ratings yet
How To Install ITIC and TADDM Adapter
3 pages
Home Automation Using Raspberry Pi Through Webserver
No ratings yet
Home Automation Using Raspberry Pi Through Webserver
6 pages
Uttar Pradesh Power Corporation LTD
No ratings yet
Uttar Pradesh Power Corporation LTD
1 page
SC-STC-001-5.9 - Module 4 - Access Control Configuration
No ratings yet
SC-STC-001-5.9 - Module 4 - Access Control Configuration
36 pages
CMS Requirements Document
No ratings yet
CMS Requirements Document
19 pages
Hall Ticket
No ratings yet
Hall Ticket
2 pages
Rti Application For Illegal Construction
100% (2)
Rti Application For Illegal Construction
7 pages
Firewall Locations and Configurations
No ratings yet
Firewall Locations and Configurations
39 pages
E Ticsrthfgjdfjdvdfgdket
No ratings yet
E Ticsrthfgjdfjdvdfgdket
1 page
IDS, Firewall & Honeypot
100% (4)
IDS, Firewall & Honeypot
11 pages
DoorProtect Plus Jeweller User Manual - Ajax Systems Support
No ratings yet
DoorProtect Plus Jeweller User Manual - Ajax Systems Support
27 pages
AIS Chap 8
No ratings yet
AIS Chap 8
23 pages
Examination Registration For: A. Your Personal Details
No ratings yet
Examination Registration For: A. Your Personal Details
3 pages
Whitepaper Nddprint 360
No ratings yet
Whitepaper Nddprint 360
11 pages
Uninstall Password Generation
No ratings yet
Uninstall Password Generation
3 pages
Your Electronic Ticket Receipt PDF
No ratings yet
Your Electronic Ticket Receipt PDF
2 pages
Supplier 8D Form
No ratings yet
Supplier 8D Form
3 pages
Nepal Telecom Call Details Stolen by Chinese Hackers
0% (1)
Nepal Telecom Call Details Stolen by Chinese Hackers
2 pages
Wireless Security
No ratings yet
Wireless Security
11 pages
ABM e Municipality
No ratings yet
ABM e Municipality
3 pages
AEn G3 GROUP-ESSAY-OUTLINE
No ratings yet
AEn G3 GROUP-ESSAY-OUTLINE
6 pages
Tanks The M1A1 Abrams
80% (5)
Tanks The M1A1 Abrams
56 pages
Rev - 11 - Ms - Installation of Fire Alarm System
No ratings yet
Rev - 11 - Ms - Installation of Fire Alarm System
9 pages
Explanacao Controle HVB
No ratings yet
Explanacao Controle HVB
24 pages
Personal Cyber Security PDF
100% (1)
Personal Cyber Security PDF
28 pages
CAT Theory Study Guide 2023
No ratings yet
CAT Theory Study Guide 2023
122 pages
Heine - Florentine Nights
No ratings yet
Heine - Florentine Nights
465 pages
Unmasking The Threat: Safeguarding Against ATM Frauds Unmasking The Threat: Safeguarding Against ATM Frauds
No ratings yet
Unmasking The Threat: Safeguarding Against ATM Frauds Unmasking The Threat: Safeguarding Against ATM Frauds
14 pages

LetsEncrypt Project Instructions

Uploaded by

LetsEncrypt Project Instructions

Uploaded by

Installing​ ​an​ ​SSL​ ​Certificate​ ​on​ ​CentOS​ ​Running​ ​Apache

Background​ ​and​ ​Prerequisites:

Connect​ ​to​ ​the​ ​Server​ ​as​ ​Root

Create​ ​a​ ​Sample​ ​Web​ ​Page

Allow​ ​Inbound​ ​HTTP​ ​Traffic

Install​ ​the​ ​Certbot​ ​Application

Request​ ​an​ ​SSL​ ​Certificate​ ​from​ ​Let's​ ​Encrypt

Verify​ ​the​ ​SSL​ ​Certificate

Harden​ ​the​ ​Apache​ ​SSL​ ​Configuration​ ​-​ ​OPTIONAL

Renewing​ ​SSL​ ​Certificates

Configure​ ​Auto​ ​Renewal​ ​Using​ ​Cron

Configure​ ​Auto​ ​Renewal​ ​Using​ ​Systemd​ ​Timers​ ​-​ ​OPTIONAL

You might also like

Installing an SSL Certificate on CentOS Running Apache

Background and Prerequisites:

Connect to the Server as Root

Create a Sample Web Page

Allow Inbound HTTP Traffic

Install the Certbot Application

Request an SSL Certificate from Let's Encrypt

Verify the SSL Certificate

Harden the Apache SSL Configuration - OPTIONAL

Renewing SSL Certificates

Configure Auto Renewal Using Cron

Configure Auto Renewal Using Systemd Timers - OPTIONAL