
Install Let's Encrypt on CentOS7.6 for SSL

1.What is Let's Encrypt?

Until now, when an SSL/TLS server certificate was needed for a server on a local network (for website development and the like), we issued and used a self-signed certificate.
If you can live with a few annoyances such as browser warnings, a self-signed certificate is sufficient. However, features such as browser notifications require a certificate issued by a trusted certificate authority, so a self-signed certificate alone results in an error. You can avoid the error by installing the certificate of your own certificate authority in each browser, but it has to be installed in every browser used for verification, and on smartphones and tablets it may not be possible to install it at all.
The only way to solve these problems used to be a paid SSL/TLS server certificate issuing service.
Recently, however, Let's Encrypt has made a free SSL/TLS server certificate issuing service available. Here we use this service to obtain an SSL/TLS server certificate and install it on CentOS 7.6.

2.Download Let's Encrypt

download

Changing access permissions

3.Confirmation beforehand

1) The Apache module "mod_ssl" is required. Check whether it is installed.

2) If "ssl_module (shared)" appears in the list, you are good to go; if not, install it as follows.

3) Check your firewall settings, because port 443 must be allowed through for https.

If "https" is listed under "services", there is no problem.
If it is not yet set, do the following to allow port 443 through.

4.Install certbot

  • The -d option is used to specify the domain, but multiple domains can be specified, such as -d example.com -d test.example.com. The first domain you specify becomes the common name.
  • Every domain you specify must have an A record that points to this server.
  • The -w option specifies the document root directory. If you want to specify a different document root directory for each domain, you can write the -w option just before the -d option.
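
The option rules above, as an added example that is not part of the original page: a shell helper that assembles the certbot arguments in the order -w and -d require, and checks the A-record prerequisite for each domain. The `certonly --webroot` subcommand, the `getent ahostsv4` lookup, the function names, and all domains, paths and addresses are assumptions or constructed samples.

```shell
#!/bin/sh
# Added example, not from the original page. Domains, paths and addresses are
# constructed samples; "certonly --webroot" and "getent ahostsv4" are assumptions.

# Build the certbot command from "/docroot=domain1,domain2" specs.
# Each -w applies to the -d options after it; the first -d is the common name.
build_certbot_cmd() {
    cmd="certbot certonly --webroot"
    for spec in "$@"; do
        case "$spec" in
            /*=?*) ;;
            *) echo "bad spec (want /docroot=dom1,dom2): $spec" >&2; return 1 ;;
        esac
        root=${spec%%=*}
        domains=${spec#*=}
        case "$root" in
            *[!A-Za-z0-9._/-]*) echo "bad docroot: $root" >&2; return 1 ;;
        esac
        cmd="$cmd -w $root"
        old_ifs=$IFS; IFS=,
        for d in $domains; do
            # Accept plain hostnames only, so the string is safe to hand to a shell.
            case "$d" in
                ''|-*|*[!A-Za-z0-9.-]*)
                    IFS=$old_ifs; echo "bad domain: $d" >&2; return 1 ;;
            esac
            cmd="$cmd -d $d"
        done
        IFS=$old_ifs
    done
    printf '%s\n' "$cmd"
}

# Print the domains whose A records do not include SERVER_IP (status 1 if any).
# RESOLVE is the lookup command; it can be overridden, e.g. for testing.
RESOLVE=${RESOLVE:-"getent ahostsv4"}
missing_a_records() {   # usage: missing_a_records SERVER_IP domain...
    ip=$1; shift
    bad=""
    for d in "$@"; do
        $RESOLVE "$d" 2>/dev/null | awk '{print $1}' | grep -qxF "$ip" || bad="$bad $d"
    done
    printf '%s\n' "${bad# }"
    [ -z "$bad" ]
}

# Constructed sample: one document root shared by two domains.
build_certbot_cmd /var/www/html/example.com=example.com,test.example.com
```

Run missing_a_records with the server's public address first, and use the printed command only when it reports no domains.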

5.Creating a certificate

After installing certbot, the interactive certificate creation process will begin.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Select "No" to not disclose your administrator email address to Let's Encrypt partners
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: No

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

6.Check the server certificate.

7.Reflecting in Apache

We will recompile Apache; see also the next page (ssl.conf will not be used).

Move to the Apache installation directory and recompile.

Editing the httpd.conf file
Listen 0.0.0.0:443
ServerName localhost:443

Change virtual host settings
<VirtualHost *:80>
ServerAdmin [Email address]
ServerName [FQDN]
ServerSignature Off
RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
ErrorLog /var/log/httpd/redirect.error.log
LogLevel warn
ErrorDocument 404 /
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
DocumentRoot /var/www/html/[FQDN]
ServerName [FQDN]
ServerAlias localhost
ErrorLog "| /usr/local/apache2/bin/rotatelogs /var/log/httpd/[FQDN]_error_log_%Y%m%d 86400 540"
CustomLog "| /usr/local/apache2/bin/rotatelogs /var/log/httpd/[FQDN]_access_log_%Y%m%d 86400 540" combined
<Directory "/var/www/html/[FQDN]">
Options Indexes Includes FollowSymLinks MultiViews ExecCGI
Require all granted
#Allow from all
AddHandler server-parsed .html
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</Directory>
SSLCertificateFile /etc/letsencrypt/live/[FQDN]/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[FQDN]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/[FQDN]/chain.pem
Include /opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/options-ssl-apache.conf
</VirtualHost>
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ← Add
LoadModule rewrite_module modules/mod_rewrite.so ← Add
LoadModule ssl_module modules/mod_ssl.so ← Add

Restart Apache.
