How can you get a free ssl certificate for your site?

in linux •  7 months ago

Do you have a blog or site and want to get an SSL certificate for your site?
You found out that it's important for Google to have an SSL certificate on your site to count on Google results!

free-ssl.png

I'll show you how I did for my blog https://blog.ceae.info/

We found last year the project "Let's Encrypt"
Selection_015.jpg

It is a project supported by several corporations. The list below !
Selection_016.jpg

I have followed the explained steps for shell access because I have my own blog server, and I think it's the easiest way.
More information and explanations here https://letsencrypt.org/getting-started/

Even their recommendation is to use the shell access path, since you choose this path you are redirected to another site where you download an application https://certbot.eff.org/#centosrhel7-apache
In the above link I have already selected Apache with Centos 7.
Go to your server in the shell and write.

yum install certbot-apache

It installs what you need to put the SSL certificate.

Next step

certbot --authenticator webroot --installer apache

And that's it, you'll get a 3-month free certificate.
For renewal you only have to do the next step:

certbot renew --dry-run

Case 2 now


Let's say you have multiple sites on your server and you only want a SSL certificate for a site.
Step 1: ( real example )
Execute the command:

certbot certonly --webroot -w /var/www/html/itsmartsystems.tk -d www.itsmartsystems.tk
Suppose we already installed certbot ( yum -y install certbot ) For the above case we want to for an ssl certificate for the www.itsmartsystems.tk domain. The result after I run certbot:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.itsmartsystems.tk
Using the webroot path /var/www/html/itsmartsystems.tk for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem
    Your cert will expire on 2018-04-28. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Now we need to edit the configuration file in VHOST.
vim /etc/httpd/conf.d/VHOSTS-le-ssl.conf

<  IfModule mod_ssl.c  >
<VirtualHost 172.41.1.100:443>
        <Directory /var/www/html/luconsult.tk>
                Order deny,allow
                Allow from all
                DirectoryIndex index.html
                Options +Indexes
        
        ServerName www.itsmartsystems.tk
        ServerPath /itsmartsystems.tk
        DocumentRoot /var/www/html/itsmartsystems.tk
        CustomLog /var/log/httpd/isstk_access.log common
        ErrorLog /var/log/httpd/isstk_error.log
SSLCertificateFile /etc/letsencrypt/live/www.itsmartsystems.tk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem

<  /IfModule  >
After that, we restart the apache server.
systemctl restart httpd
You can see the result here: https://www.itsmartsystems.tk/

After the expiration of the certificate, we only have this step.

certbot renew

Enjoy and happy new day !

Source: https://certbot.eff.org/docs/using.html

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

This post has received a 1.25 % upvote from @boomerang thanks to: @luciancovaci

LitasIO

Well done! This post has received a 100.00 % upvote from @litasio thanks to: @luciancovaci. Whoop!

If you would like to delegate to the @LitasIO you can do so by clicking on the following link: 10SP