How to Install Let's Encrypt (CentOS/Debian/Ubuntu)

This tutorial will show you on how to install a Let's Encrypt on your Ubuntu, Debian or CentOS VPS.

Requirements

A Linux VPS

 

Update your server's software

CentOS

sudo yum update && sudo yum upgrade

Debian / Ubuntu

sudo apt update && sudo apt upgrade


Download and Install Let’s Encrypt

CentOS

sudo yum install git

Debian / Ubuntu

sudo apt-get install git


Create an SSL Certificate

Let’s Encrypt automatically performs Domain Validation (DV) using a series of challenges. The Certificate Authority (CA) uses challenges to verify the authenticity of your computer’s domain. Once your Linode has been validated, the CA will issue SSL certificates to you.

  1. Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command.

    sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
    
    Note
    Let’s Encrypt does not deploy wildcard certificates. Each subdomain requires its own certificate.
  2. When prompted, specify an administrative email address. This will allow you to regain control of a lost certificate and receive urgent security notices if necessary. Press ENTER or RETURN to save.

  3. Agree to the Terms of Service and specify if you would like to share your email address with EFF.



Check Certificate Domains

The output of the Let’s Encrypt script shows where your certificate is stored; in this case, /etc/letsencrypt/live:

sudo ls /etc/letsencrypt/live

All of the domains you specified above will be covered under this single certificate. This can be verified as follows:

./certbot-auto certificates


Update Let’s Encrypt

  1. Return to the /opt/letsencrypt directory:

    cd /opt/letsencrypt
    
  2. Download any changes made to Let’s Encrypt since you last cloned or pulled the repository, effectively updating it:

    sudo git pull
    

 

Automatically Renew SSL Certificates (Optional)

You can also automate certificate renewal. This will prevent your certificates from expiring, and can be accomplished with cron.

  1. The output of the previous command shows how to non-interactively renew all of your certificates:

    ./letsencrypt-auto renew
    
  2. Set this task to run automatically once per month using a cron job:

    sudo crontab -e
    

    Add the following line to the end of the crontab file:

    crontab
    0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
     

Automatically Update Let’s Encrypt (Optional)

You can also use cron to keep the letsencrypt-auto client up to date.

 
sudo crontab -e
crontab
0 0 1 * * cd /opt/letsencrypt && git pull


For more information visit: letsencrypt.org

  • 0 utilizatori au considerat informaţia utilă
Răspunsul a fost util?

Articole similare

How to Install CS:GO server on CentOS 7

In this tutorial I'll explain how to setup a Counter-Strike: Global Offensive server. The steps...

How to Install CS:GO server on Ubuntu

This tutorial will show you on how to install a Counter-Strike: Global Offensive Server on your...

How to Secure and Harden a VPS (CentOS/Ubuntu)

This tutorial will show you on how to secure and harden your Ubuntu or CentOS VPS. RequirementsA...

How to Install Fail2Ban (Ubuntu/CentOS)

This tutorial will show you on how to install Fail2Ban on your Ubuntu or CentOS VPS....

Iptables Anti-DDoS Rules

You can use the below iptables ruleset for additional DDoS protection of your Linux server.#Drop...