
Fedora 35: Let's Encrypt, Apache SSL

Obtain SSL Certificate (Let's Encrypt)

Install the latest OpenSSL

# dnf install openssl-devel

1. Certificate Installation

# dnf -y install certbot
# certbot certonly --webroot -w /var/www/html/[domain name] -d [domain name]
# Registration of e-mail address and agreement to terms of use are required for the first time only.
# Specify an email address to receive

Enter email address (used for urgent notices and lost key recovery)

<Administrator's email address>

< OK > <Cancel>

# Agree to the Terms of Use
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf.
You must agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

<Agree > <Cancel>

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/[domain name]/fullchain.pem. Your cert will
expire on 2022-01-27. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

# If "Congratulations!" is displayed, the request succeeded.
# The following certificate files have been saved under /etc/letsencrypt/live/[domain name]/, as described in the message

# cert.pem ⇒ SSL server certificate (including public key)
# chain.pem ⇒ intermediate certificate
# fullchain.pem ⇒ file containing cert.pem and chain.pem combined
# privkey.pem ⇒ private key

2. Automatic renewal of certificates (Let's Encrypt)

① Pre-registration testing
Test the automatic renewal with the --dry-run option.
With this option, certificates are not actually renewed, only checked, so there is no need to worry about running into the limit on the number of times a certificate can be obtained.

# certbot renew --dry-run

② crontab registration

# crontab -e
# On the first day of each month, at 3:00 a.m.,
# execute "/usr/bin/certbot renew" as the "root" user
# (this is root's own crontab, so the entry has no user field)
# and restart the web server (httpd on Fedora)
00 03 01 * * /usr/bin/certbot renew && /usr/bin/systemctl restart httpd

Apache https conversion

Install the following just in case

# dnf -y install mod_ssl

1. Edit ssl.conf file

# vi /etc/httpd/conf.d/ssl.conf
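●Line 59: Uncomment and change
DocumentRoot "/var/www/html/<domain name>"
●Line 60: Uncomment and change
ServerName <domain name>:443
●Line 101: Comment out and add the new line under it
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/letsencrypt/live/<domain name>/cert.pem
●Line 109: Comment out and add the new line under it
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/letsencrypt/live/<domain name>/privkey.pem
●Line 119: Add
SSLCertificateChainFile /etc/letsencrypt/live/<domain name>/chain.pem
SSLCertificateChainFile still works but is deprecated as of Apache 2.4.8; the current equivalent is to point SSLCertificateFile at fullchain.pem.
The a2enmod command belongs to Debian/Ubuntu and does not exist on Fedora; installing mod_ssl already loads the module, so no separate enable step is needed.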
Restart Apache.
# systemctl restart httpd
Allow https in Firewall
# firewall-cmd --add-service=https --permanent
success
# firewall-cmd --reload
success
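
The following check is an added example, not part of the original guide: it audits ssl.conf for the directives edited above and flags a default localhost certificate or key line that was left active. The function name check_ssl_conf and the www.example.com sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). check_ssl_conf is a
# hypothetical helper name; www.example.com is a constructed sample domain.
# Usage: check_ssl_conf FILE DOMAIN   -> returns 0 only if every check passes
check_ssl_conf() {
    conf=$1; domain=$2; live="/etc/letsencrypt/live/$domain"; rc=0
    for pair in SSLCertificateFile:cert.pem \
                SSLCertificateKeyFile:privkey.pem \
                SSLCertificateChainFile:chain.pem; do
        directive=${pair%%:*}
        want="$live/${pair#*:}"
        # Collect only active values; commented lines start with "#".
        active=$(awk -v d="$directive" '$1 == d { print $2 }' "$conf")
        if [ -z "$active" ]; then
            echo "MISSING  $directive"; rc=1
        elif [ "$active" != "$want" ]; then
            # Also hit when two active lines exist (default left uncommented).
            echo "MISMATCH $directive:" $active "(expected $want)"; rc=1
        else
            echo "OK       $directive $active"
        fi
    done
    name=$(awk '$1 == "ServerName" { print $2 }' "$conf")
    if [ "$name" != "$domain:443" ]; then
        echo "MISMATCH ServerName: $name (expected $domain:443)"; rc=1
    fi
    return $rc
}

# Constructed sample: the default key line was not commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerName www.example.com:443
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
EOF
check_ssl_conf "$sample" www.example.com || echo "ssl.conf needs fixing"
rm -f "$sample"
```

Run it against /etc/httpd/conf.d/ssl.conf before restarting httpd; a non-zero return means at least one directive is missing, duplicated, or still pointing at the default localhost files.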