Build your free SSL certificate with Let'sencrypt

Precondition:

- You want to get a SSL certificate for your production web application.
- You use AWS but don't want to use ACM because it attaches to other unused service ( ACM doesn't work with ec2 instance but to relate to ELB or Cloud Front )

Installation:

- First you have to enable EPEL ( Extra Packages for Enterprise Linux ) 
$ sudo yum install epel-release
- Then you get a version copy of certbot: 
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
- Now you use certonly command to obtain your certificate
./path/to/certbot-auto certonly
- But if you already have a web server running, you should obtaint the certificate using the webroot plugin
$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
- After you have the certificate and key location, please add to your nginx.conf or httpd.conf to enable the port 443.

- If you want to redirect all http request to https request, you can add the following redirect commands to the server port 80 of appropriate web server config file:

 return 301 https://$server_name$request_uri;

Note

- Small notice that this certificate will expire in 90 days, so you'd better set a batch script to renew it constantly ( we advice to be twice a day )
##renew certificate
30 6,15 * * * /opt/certbot-auto renew --quiet

If you liked this article

Let's subscribe the updates of Scuti!
Share on Google Plus

About Pham Tuan Anh

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 Comments:

Post a Comment