Certbot above on CentOS 6

10 Tháng Tư, 2020 honest Hệ thống, Linux 0

  1. SSH into the serverSSH into the server running your HTTP website as a user with sudo privileges.
  2. Install CertbotRun these commands on the command line on the machine to install Certbot.

wget https://dl.eff.org/certbot-auto

sudo mv certbot-auto /usr/local/bin/certbot-auto

sudo chown root /usr/local/bin/certbot-auto

sudo chmod 0755 /usr/local/bin/certbot-auto

  1. Choose how you’d like to run CertbotAre you ok with temporarily stopping your website?

    Yes, my web server is not currently running on this machine.

    Stop your webserver, then run this command to get a certificate. Certbot will temporarily spin up a webserver on your machine.

    sudo /usr/local/bin/certbot-auto certonly --standalone

    No, I need to keep my web server running.

    If you have a webserver that’s already using port 80 and don’t want to stop it while Certbot runs, run this command and follow the instructions in the terminal.

    sudo /usr/local/bin/certbot-auto certonly --webroot

4. Install your certificate

You’ll need to install your new certificate in the configuration file for your webserver

5. Set up automatic renewal

We recommend running the following line, which will add a cron job to the default crontab.

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null

If you needed to stop your webserver to run Certbot, you’ll want to add --pre-hook and --post-hook flags after /usr/local/bin/certbot-auto renew to stop and start your webserver automatically. For example, if your webserver is HAProxy, modify the command as follows:

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q --pre-hook 'service haproxy stop' --post-hook 'service haproxy start'" | sudo tee -a /etc/crontab > /dev/null

More information is available in the Certbot documentation on renewing certificates.

6. Confirm that Certbot worked

To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.

Giới thiệu honest 237 bài viết
Mình lập blog này với mục đích lưu lại + chia sẻ các các kiến thức mình đã biết hoặc đang tìm hiểu. Cơ bản giúp ích cho mình :) Nhưng hy vọng sẽ mang lại sự khởi đầu thuận lợi cho người mới bắt đầu!