How to create and install SSL certificate

in #ssl3 years ago

How to create and install SSL certificate

By Eugene Luzgin @ EOS Tribe

1. Install certbot from Let's Encrypt

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot -y

2. Make sure nothing is running on port 80 prior to next step and it's accessible if firewall is installed.

netstat -an | grep " 80"
sudo ufw enable 80 *
*) Can be disabled/switched off later.

3. Generate your SSL certificate and private key:

sudo certbot certonly --standalone --preferred-challenges http -d [SERVER DOMAIN NAME]*

Example: sudo certbot certonly --standalone --preferred-challenges http -d api.eostribe.io

*) Note: DNS must resolve this domain name to your server IP or otherwise this step won't work.

If all goes well - you should see an output like this:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/node.blockmatrix.network/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/node.blockmatrix.network/privkey.pem
    Your cert will expire on [DATE]. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

Fetch and use the created files:

You could find the created certificate and private key file under the your domain folder:
/etc/letsencrypt/live/[SERVER DOMAIN NAME]/*.pem

You will find two files there:

  • fullchain.pem - contains your SSL certificate
  • private.pem - contains your private key

Copy those files and use them where you need them.

Note: For HAProxy configuration I had to combine fullchain.pem and private.pem content into a single pem file.