Easy Peasy SSL
Do you have a blog or small site running on Apache on Linux? Then you really should consider securing it with Let’s Encrypt. It is a free, easy-to-use, “set it and forget it” way to give your site that oh-so-lovely and secure HTTPS prefix, so it is a must. Once set up, your site should be secure and its certificate should renew automatically!
Please note: although Let’s Encrypt can be used in lots of commercial applications, you still might want to consider a more commercially oriented SSL certificate provider. I personally use DigiCert for our main certs on our production servers.
1. Install Certbot to your home directory (skip this step if it is already installed):
Hint: ~ is the equivalent of your home directory, i.e. /home/ec2-user/
cd ~
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
2. What domain are you securing? – include www or another subdomain
3. What’s its document root directory on your server? E.g. /var/www/html/mywebsite.com/
– Don’t forget the trailing /
4. Now let’s get some certificates:
sudo ~/certbot-auto certonly --debug --webroot -w ??? -d ???
…this should have created 3 certs for you in /etc/letsencrypt/live/???/ called cert.pem, privkey.pem & chain.pem (take a look).
5. Now open your vhosts.conf file:
sudo vim /etc/httpd/conf.d/vhosts.conf
and add this to it:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/???/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/???/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/???/chain.pem
    ServerName ???
    DocumentRoot ???
    ErrorLog /var/www/private/error_logs/https.???.log
    #ServerAdmin info@???
    <Directory "???">
        AllowOverride All
    </Directory>
</VirtualHost>
6. Reload Apache:
sudo service httpd reload
7. Test your SSL setup using this URL: https://www.ssllabs.com/ssltest/analyze.html?d=???
8. Test the auto renewal process:
~/certbot-auto renew --dry-run
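9. If all is good, let’s add a cron job to do the auto check twice a day. Open root’s crontab:
sudo crontab -e
and add this line. In root’s crontab ~ means /root, so give the full path to certbot-auto (here the example home directory /home/ec2-user/ from step 1; use your own):
45 4,16 * * * /home/ec2-user/certbot-auto renew --quiet # Twice a day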
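A check to run after steps 4 to 9, as an added example that is not part of the original post: it confirms that the three files exist in the live directory, that cert.pem has more than 30 days left (so a `renew --quiet` cron job that is failing silently gets noticed), that privkey.pem belongs to cert.pem, and that the certificate covers your domain. The function names, the 30-day threshold and the self-signed sample certificate are assumptions made for the example; it needs the openssl command.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Needs the openssl CLI.
# check_live_dir DIR DOMAIN [MIN_DAYS] returns 0 only if every check passes and
# prints one line per failed check. DIR is e.g. /etc/letsencrypt/live/<domain>.
check_live_dir() {
    local dir="$1" domain="$2" min_days="${3:-30}" rc=0 f cert_pub key_pub
    local cert="$dir/cert.pem" key="$dir/privkey.pem"

    for f in "$cert" "$key" "$dir/chain.pem"; do
        [ -s "$f" ] || { echo "MISSING $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Expiry: -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "EXPIRING $cert has fewer than $min_days days left"; rc=1
    fi

    # Key pair: the public key in the cert must equal the one derived from privkey.pem.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "MISMATCH $key does not belong to $cert"; rc=1; }

    # Hostname: the cert must cover the ServerName used in the vhost.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" | grep -q 'does match'; then
        echo "HOSTNAME $cert does not cover $domain"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a throwaway self-signed cert standing in for certbot output.
make_sample_live_dir() {   # DIR DOMAIN DAYS
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
    cp "$1/cert.pem" "$1/chain.pem"
}

# Run against a real directory when arguments are given, e.g.
#   sudo bash check_cert.sh /etc/letsencrypt/live/www.example.com www.example.com
if [ "$#" -ge 2 ]; then check_live_dir "$@"; fi
```

Running it from cron shortly after the renew job, with the output mailed or logged, gives you a signal that `--quiet` alone does not.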