Let's Encrypt Configuration On Ubuntu

What is Let's Encrypt ?

Let's Encrypt is an upcoming certificate authority to be launched in late 2015 that will provide free Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates via an automated process designed to eliminate the current complex process of manual creation and installation of certificates for secure websites. You can find out more about Let's Encryp't here or in here.

Prerequisites

In order to comple this guide you will need this requirements : 

• An Ubuntu 14.04 with a non-root sudo user.
• The Apache web server installed with one or more domain names properly configured.

Log in to your server with your sudo account 

Step 1 - Install The Server Dependencies

Update the repository of your server with this command

• sudo apt-get update

Install git to download the Let's Encrypt Client

• sudo apt-get install git

Step 2 - Install The Let's Encrypt Client

Next, we will download the Let’s Encrypt client from its official repository, placing its files in a special location on the server. 

We will clone the Let’s Encrypt repository under /opt, which is a standard directory for placing third-party software on Unix systems:

Run this command on your server

• sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

This will create a local copy of the official Let’s Encrypt repository under /opt/letsencrypt.

Step 3 - Setup The SSL Certificate

Access the letsencrypt directory:

• cd /opt/letsencrypt

To execute the interactive installation and obtain a certificate that covers only a single domain, run the letsencrypt-auto command with:

• ./letsencrypt-auto --apache -d example.com 

In this case our domain is example.com , -d is mean domain on that command.

If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases:

• ./letsencrypt-auto --apache -d example.com -d www.example.com

After the dependencies are installed, you will be presented with a step-by-step guide to customize your certificate options. You will be asked to provide an email address for lost key recovery and notices, and you will be able to choose between enabling both http and https access or force all requests to redirect to https.

When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live. You can verify the status of your SSL certificate with the following link (don’t forget to replace example.com with your base domain):

• https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

ou should now be able to access your website using a https prefix.

Step 4 - Set Up Let's Encrypt Auto Renewal

Let’s Encrypt certificates are valid for 90 days, but it’s recommended that you renew the certificates every 60 days to allow a margin of error. The Let's Encrypt client has a renew command that automatically checks the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date.

To trigger the renewal process for all installed domains, you should run:

• ./letsencrypt-auto renew

Because we recently installed the certificate, the command will only check for the expiration date and print a message informing that the certificate is not due to renewal yet. The output should look similar to this:

Checking for new version...
Requesting root privileges to run letsencrypt...
   /root/.local/share/letsencrypt/bin/letsencrypt renew
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.

 Notice that if you created a bundled certificate with multiple domains, only the base domain name will be shown in the output, but the renewal should be valid for all domains included in this certificate.A practical way to ensure your certificates won’t get outdated is to create a cron job that will periodically execute the automatic renewal command for you. Since the renewal first checks for the expiration date and only executes the renewal if the certificate is less than 30 days away from expiration, it is safe to create a cron job that runs every week or even every day, for instance.
Let's edit the crontab to create a new job that will run the renewal command every week. To edit the crontab for the root user, run:

• sudo crontab -e

Include the following content, all in one line:

crontab
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am. The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.

Step 5 - Updating The Let's Encrypt Client (OPTIONAL)
Whenever new updates are available for the client, you can update your local copy by running a git pull from inside the Let’s Encrypt directory:

• cd /opt/letsencrypt

• sudo git pull

This will download all recent changes to the repository, updating your client. 

Tweet

Jangan sampai ketinggalan postingan-postingan terbaik dari PF Host!. Berlangganan melalui email sekarang juga:

Atau sobat juga bisa follow PF Host! dengan mengklik tombol di bawah ini:

Artikel keren lainnya:

• JQuery 3.1.1 Has Been Released!
• Make API Using Laravel #Part1
• What Is WEB GL ?
• Free NoSQL Technology You Can Try!
• All Popular Python Framework You Need To Know!

Ditulis oleh Unknown pada tanggal Friday, April 29, 2016