1. SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
2. Install Certbot
Run these commands on the command line on the machine to install Certbot.
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
3. Choose how you’d like to run Certbot
Are you ok with temporarily stopping your website?
Yes, my web server is not currently running on this machine.
Stop your webserver, then run this command to get a certificate. Certbot will temporarily spin up a webserver on your machine.
sudo /usr/local/bin/certbot-auto certonly --standalone
No, I need to keep my web server running.
If you have a webserver that’s already using port 80 and don’t want to stop it while Certbot runs, run this command and follow the instructions in the terminal.
sudo /usr/local/bin/certbot-auto certonly --webroot
4. Install your certificate
You’ll need to install your new certificate in the configuration file for your webserver.
5. Set up automatic renewal
We recommend running the following line, which will add a cron job to the default crontab.
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
If you needed to stop your webserver to run Certbot, you’ll want to add --pre-hook and --post-hook flags after /usr/local/bin/certbot-auto renew to stop and start your webserver automatically. For example, if your webserver is HAProxy, modify the command as follows:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q --pre-hook 'service haproxy stop' --post-hook 'service haproxy start'" | sudo tee -a /etc/crontab > /dev/null
More information is available in the Certbot documentation on renewing certificates.
6. Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.
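The `tee -a` command in step 5 appends a new entry every time it is run, so re-running it (for example, to add the hooks) leaves duplicate renewal jobs in /etc/crontab. The script below is an added example, not part of the original instructions or Certbot's own tooling; the function names `renew_cron_line` and `install_renew_cron` are hypothetical, and it reuses the cron line and install path from this page.

```shell
#!/bin/sh
# Added example (not Certbot's own tooling): idempotent variant of the
# "echo ... | sudo tee -a /etc/crontab" step, which appends a duplicate
# entry every time it is re-run.
CERTBOT=/usr/local/bin/certbot-auto   # install path used on this page

# Print the page's renewal entry; $1/$2 are optional pre/post hook commands.
renew_cron_line() {
    pre=$1 post=$2
    # A single quote would break the quoting below, and cron turns an
    # unescaped % into a newline, so refuse hooks containing either.
    case "$pre$post" in
        *"'"*|*%*) echo "hook must not contain ' or %" >&2; return 1 ;;
    esac
    line="0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && $CERTBOT renew -q"
    if [ -n "$pre" ]; then line="$line --pre-hook '$pre'"; fi
    if [ -n "$post" ]; then line="$line --post-hook '$post'"; fi
    printf '%s\n' "$line"
}

# install_renew_cron FILE [PRE_HOOK [POST_HOOK]]
# Ensures FILE holds exactly one renewal entry; prints added|updated|unchanged.
install_renew_cron() {
    file=$1
    new=$(renew_cron_line "$2" "$3") || return 1
    # Count existing renewal entries (empty if FILE does not exist yet).
    count=$(grep -Fc -- "$CERTBOT renew" "$file" 2>/dev/null) || true
    if [ "$count" = 1 ] && grep -Fxq -- "$new" "$file"; then
        echo unchanged
        return 0
    fi
    status=added
    if [ "${count:-0}" != 0 ]; then status=updated; fi
    # Build the new file next to the original so the final mv is atomic.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -Fv -- "$CERTBOT renew" "$file" > "$tmp" 2>/dev/null || true
    printf '%s\n' "$new" >> "$tmp"
    chmod 0644 "$tmp" && mv "$tmp" "$file" && echo "$status"
}

# Usage, as root (hooks taken from the HAProxy example on this page):
#   install_renew_cron /etc/crontab 'service haproxy stop' 'service haproxy start'
```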