ssl – purabtech.in

How to install certbot ssl certificate on nginx server

I am using centos 7.4 server. you can use following commands for installing ssl certicate.

#cd /etc/nginx/conf.d/

[root@vps147238 conf.d]# cp m.eparinay.com.conf qa.eparinay.com.conf [root@vps147238 conf.d]# vim qa.eparinay.com.conf [root@vps147238 conf.d]# sudo certbot --nginx -d qa.eparinay.com -d qa.eparinay.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Attempting to parse the version 1.23.0 renewal configuration file found at /etc/letsencrypt/renewal/eparinay.com.conf with version 1.11.0 of Certbot. This might not work. Attempting to parse the version 1.23.0 renewal configuration file found at /etc/letsencrypt/renewal/purabtech.com.conf with version 1.11.0 of Certbot. This might not work. Attempting to parse the version 1.23.0 renewal configuration file found at /etc/letsencrypt/renewal/www.eparinay.com-0001.conf with version 1.11.0 of Certbot. This might not work. Requesting a certificate for qa.eparinay.com Performing the following challenges: http-01 challenge for qa.eparinay.com Waiting for verification… Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/qa.eparinay.com.conf Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/qa.eparinay.com.conf

Congratulations! You have successfully enabled https://qa.eparinay.com

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/qa.eparinay.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/qa.eparinay.com/privkey.pem Your certificate will expire on 2022-07-31. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew all of your certificates, run "certbot renew"
If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

[root@vps147238 conf.d]# vim qa.eparinay.com.conf [root@vps147238 conf.d]# service nginx restart Redirecting to /bin/systemctl restart nginx.service [root@vps147238 conf.d]#

auto renew letsencrypt ssl apache on linux

For auto renew SSL certificate I added following code in crontab.

0 0 */10 * * certbot renew >> /logs/certbot-cron.log 2>&1

Log of certbot renew command.

[root@vps147238 ep]# certbot renew

 Saving debug log to /var/log/letsencrypt/letsencrypt.log Processing /etc/letsencrypt/renewal/purabtech.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certificates are not due for renewal yet:     /etc/letsencrypt/live/purabtech.com/fullchain.pem expires on 2022-01-17 (skipped)    (skipped) No renewals were attempted.

how to get free ssl certificate from letsencrypt

For getting a free SSL certificate you need SSH access to your server where you installed your application code.

Then follow commands and articles which will guide you to install the necessary application.

https://certbot.eff.org/lets-encrypt/centosrhel7-apache

After installing certbot to your machine. you need to run following command to generate SSL certificate.

certbot --apache certonly --cert-name purabtech.com -d purabtech.in

Open 443 and 80 port on linux VM

If your apache or Nginx or tomcat server is configured properly still your site is not opening then check firewall and port is opened on the internet.

Check the status of your firewall. use this command

firewall-cmd --state

running

Check which zones are active

[root@vps147238 purab]# firewall-cmd –get-active-zones
public
interfaces: eth0

Open port 80 and port 443 port.

firewall-cmd –zone=public --add-service=http

firewall-cmd --zone=public --add-service=https

firewall-cmd --zone=public --permanent --add-service=http

firewall-cmd --zone=public --permanent --add-service=https

firewall-cmd --reload

Now check port 80 and 443 opened

firewall-cmd --list-all

public (active) target: default icmp-block-inversion: no interfaces: eth0 sources: services: dhcpv6-client ssh https ports: 80/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:

CentOS Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org An unexpected error occurred:

While running certonly command I got following error:
[root@vps147238 letsencrypt]# certbot --apache certonly --cert-name purabtech.com -d purabtech.in
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’))
Please see the logfiles in /var/log/letsencrypt for more details.

I solved this issue by doing following:

$vi /etc/letsencrypt/cli.ini

Put following code in that
server = https://acme-v02.api.letsencrypt.org/directory

It solved my problem…

How to install SSL with apache on fedora

Just use following commands
[root@localhost siwan]# yum install openssl
[root@localhost siwan]# yum install openssl-devel
[root@localhost siwan]# yum install mod_ssl

This will start apache server.
[root@localhost siwan]# /etc/init.d/httpd restart

Share Article:

Share Article:

Share Article:

Share Article:

Share Article:

Share Article: