Precondition:
- You want to get an SSL certificate for your production web application.
- You use AWS but don't want to use ACM, because it attaches to other services you don't use (ACM doesn't work with an EC2 instance directly; it ties to ELB or CloudFront).
Installation:
- First you have to enable EPEL (Extra Packages for Enterprise Linux):
$ sudo yum install epel-release
- Then download a copy of certbot-auto and make it executable:
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
- Now use the certonly command to obtain your certificate:
$ ./path/to/certbot-auto certonly
- But if you already have a web server running, you should obtain the certificate using the webroot plugin:
$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
- Once you have the certificate and key locations, add them to your nginx.conf or httpd.conf to enable port 443.
- If you want to redirect all HTTP requests to HTTPS, you can add the following redirect directive to the port 80 server block of the appropriate web server config file:
return 301 https://$server_name$request_uri;
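Added example (not from the original post): a minimal nginx layout combining the two steps above. It assumes the example.com domain and /var/www/example webroot from the certbot command, and certbot's default /etc/letsencrypt/live/ output paths; the port 80 block keeps the ACME challenge directory reachable so later webroot renewals do not depend on the redirect.

```nginx
# Added example; domain and webroot are the sample values from the certbot command above.

# Port 80: answer ACME HTTP-01 challenges from the webroot, redirect everything else.
server {
    listen 80;
    server_name example.com www.example.com;

    # certbot --webroot writes challenge files under <webroot>/.well-known/acme-challenge/
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/example;
        default_type "text/plain";
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

# Port 443: serve the site with the certificate certbot obtained.
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    # Default certbot output locations (assumption); use the paths printed by your certonly run.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Refuse legacy protocol versions; add TLSv1.3 if your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    root /var/www/example;
}
```

Run `nginx -t` to validate the configuration before reloading the server.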
Note
- Note that this certificate will expire in 90 days, so you should set up a cron job to renew it automatically (we advise running it twice a day):
## renew certificate
30 6,15 * * * /opt/certbot-auto renew --quiet