
      Certbot

      How to Install Certbot for TLS on Ubuntu 18.04


      Updated by Linode

      Written by Rajakavitha Kodhandapani

      What is Certbot?

      Certbot is a tool that automates the process of getting a signed certificate via Let’s Encrypt to use with TLS.

      For most operating system and web server configurations, Certbot creates signed certificates, manages the web server to accept secure connections, and can automatically renew certificates it has created. In most cases, Certbot can seamlessly enable HTTPS without causing server downtime.

      Before You Begin

      Make sure you have registered a Fully Qualified Domain Name (FQDN) and set up A and AAAA DNS records that point to your Linode’s public IPv4 and IPv6 addresses. Consult our DNS Records: An Introduction and DNS Manager guides for help with setting up a domain.

      Note

      If you’re using Apache, change each instance of nginx to apache in the following sections.

      1. Install the Certbot and web server-specific packages, then run Certbot:

        sudo apt-get update
        sudo add-apt-repository ppa:certbot/certbot
        sudo apt-get install python-certbot-nginx
        sudo certbot --nginx
        
      2. Certbot will ask for information about the site. The responses will be saved as part of the certificate:

          
            # sudo certbot --nginx
            Saving debug log to /var/log/letsencrypt/letsencrypt.log
            Plugins selected: Authenticator nginx, Installer nginx
            Enter email address (used for urgent renewal and security notices) (Enter 'c' to
            cancel): [email protected]
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Please read the Terms of Service at
            https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
            agree in order to register with the ACME server at
            https://acme-v02.api.letsencrypt.org/directory
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            (A)gree/(C)ancel: A
        
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Would you be willing to share your email address with the Electronic Frontier
            Foundation, a founding partner of the Let's Encrypt project and the non-profit
            organization that develops Certbot? We'd like to send you email about our work
            encrypting the web, EFF news, campaigns, and ways to support digital freedom.
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            (Y)es/(N)o: N
            No names were found in your configuration files. Please enter in your domain
            name(s) (comma and/or space separated)  (Enter 'c' to cancel): www.rajie.wiki
            Obtaining a new certificate
            Performing the following challenges:
            http-01 challenge for www.example.com
            Waiting for verification...
            Cleaning up challenges
            Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
        
            Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            1: No redirect - Make no further changes to the webserver configuration.
            2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
            new sites, or if you're confident your site works on HTTPS. You can undo this
            change by editing your web server's configuration.
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
            Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
            - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        
            
        
      3. Certbot will also ask if you would like to automatically redirect HTTP traffic to HTTPS traffic. It is recommended that you select this option.

      4. When the tool completes, Certbot will store all generated keys and issued certificates in the /etc/letsencrypt/live/$domain directory, where $domain is the name of the domain entered during the Certbot certificate generation step.

        Note

        Certbot recommends pointing your web server configuration to the default certificates directory or creating symlinks. Keys and certificates should not be moved to a different directory.

        Finally, Certbot will update your web server configuration so that it uses the new certificate, and also redirects HTTP traffic to HTTPS if you chose that option.

      5. If you have a firewall configured on your Linode, you may need to add firewall rules to allow incoming and outgoing connections to the HTTPS service. If you’re using UFW, for example, you can enable HTTP and HTTPS traffic with the following commands:

        sudo systemctl start ufw && sudo systemctl enable ufw
        sudo ufw allow http
        sudo ufw allow https
        sudo ufw enable
        


      This guide is published under a CC BY-ND 4.0 license.




      How to Install Certbot for TLS on Debian 10


      Updated by Linode

      Written by Rajakavitha Kodhandapani

      What is Certbot?

      Certbot is a tool that automates the process of getting a signed certificate via Let’s Encrypt to use with TLS.

      For most operating system and web server configurations, Certbot creates signed certificates, manages the web server to accept secure connections, and can automatically renew certificates it has created. In most cases, Certbot can seamlessly enable HTTPS without causing server downtime.

      Before You Begin

      Make sure you have registered a Fully Qualified Domain Name (FQDN) and set up A and AAAA DNS records that point to your Linode’s public IPv4 and IPv6 addresses. Consult our DNS Records: An Introduction and DNS Manager guides for help with setting up a domain.

      Note

      If you’re using Apache, change each instance of nginx to apache in the following sections.

      1. Install the Certbot and web server-specific packages, then run Certbot:

        sudo apt install certbot python-certbot-nginx
        sudo certbot --nginx
        
      2. Certbot will ask for information about the site. The responses will be saved as part of the certificate:

          
        # sudo certbot --nginx
        Saving debug log to /var/log/letsencrypt/letsencrypt.log
        Plugins selected: Authenticator nginx, Installer nginx
        Enter email address (used for urgent renewal and security notices) (Enter 'c' to
        cancel): [email protected]
        
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Please read the Terms of Service at
        https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
        agree in order to register with the ACME server at
        https://acme-v02.api.letsencrypt.org/directory
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        (A)gree/(C)ancel: A
        
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Would you be willing to share your email address with the Electronic Frontier
        Foundation, a founding partner of the Let's Encrypt project and the non-profit
        organization that develops Certbot? We'd like to send you email about our work
        encrypting the web, EFF news, campaigns, and ways to support digital freedom.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        (Y)es/(N)o: N
        No names were found in your configuration files. Please enter in your domain
        name(s) (comma and/or space separated)  (Enter 'c' to cancel): www.rajie.wiki
        Obtaining a new certificate
        Performing the following challenges:
        http-01 challenge for www.example.com
        Waiting for verification...
        Cleaning up challenges
        Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
        
        Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        1: No redirect - Make no further changes to the webserver configuration.
        2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
        new sites, or if you're confident your site works on HTTPS. You can undo this
        change by editing your web server's configuration.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
        Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
        
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        
        
        
      3. Certbot will also ask if you would like to automatically redirect HTTP traffic to HTTPS traffic. It is recommended that you select this option.

      4. When the tool completes, Certbot will store all generated keys and issued certificates in the /etc/letsencrypt/live/$domain directory, where $domain is the name of the domain entered during the Certbot certificate generation step.

        Note

        Certbot recommends pointing your web server configuration to the default certificates directory or creating symlinks. Keys and certificates should not be moved to a different directory.

        Finally, Certbot will update your web server configuration so that it uses the new certificate, and also redirects HTTP traffic to HTTPS if you chose that option.

      5. If you have a firewall configured on your Linode, you may need to add firewall rules to allow incoming and outgoing connections to the HTTPS service. If you’re using UFW, you can enable HTTP and HTTPS traffic with the following commands:

        sudo systemctl start ufw && sudo systemctl enable ufw
        sudo ufw allow http
        sudo ufw allow https
        sudo ufw enable
        


      This guide is published under a CC BY-ND 4.0 license.




      How to Install Certbot for TLS on CentOS 8


      Updated by Linode

      Written by Rajakavitha Kodhandapani

      What is Certbot?

      Certbot is a tool that automates the process of getting a signed certificate via Let’s Encrypt to use with TLS.

      For most operating system and web server configurations, Certbot creates signed certificates, manages the web server to accept secure connections, and can automatically renew certificates it has created. In most cases, Certbot can seamlessly enable HTTPS without causing server downtime.

      Before You Begin

      Make sure you have registered a Fully Qualified Domain Name (FQDN) and set up A and AAAA DNS records that point to your Linode’s public IPv4 and IPv6 addresses. Consult our DNS Records: An Introduction and DNS Manager guides for help with setting up a domain.

      Note

      If you’re using Apache, change each instance of nginx to apache in the following sections.

      1. Enable the EPEL repository:

        sudo yum install epel-release
        sudo yum update
        
      2. Download and install the Certbot and web server-specific packages:

        sudo curl -O https://dl.eff.org/certbot-auto
        sudo mv certbot-auto /usr/local/bin/certbot-auto
        sudo chmod 0755 /usr/local/bin/certbot-auto
        
      3. Run Certbot:

        sudo /usr/local/bin/certbot-auto --nginx
        
      4. Certbot will ask for information about the site. The responses will be saved as part of the certificate:

          
        # sudo /usr/local/bin/certbot-auto --nginx
        Saving debug log to /var/log/letsencrypt/letsencrypt.log
        Plugins selected: Authenticator nginx, Installer nginx
        No names were found in your configuration files. Please enter in your domain
        name(s) (comma and/or space separated)  (Enter 'c' to cancel): www.example.com
        Obtaining a new certificate
        Performing the following challenges:
        http-01 challenge for www.example.com
        Waiting for verification...
        Cleaning up challenges
        Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
        
        Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        1: No redirect - Make no further changes to the webserver configuration.
        2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
        new sites, or if you're confident your site works on HTTPS. You can undo this
        change by editing your web server's configuration.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
        Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf
        
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        
        
        
      5. Certbot will also ask if you would like to automatically redirect HTTP traffic to HTTPS traffic. It is recommended that you select this option.

      6. When the tool completes, Certbot will store all generated keys and issued certificates in the /etc/letsencrypt/live/$domain directory, where $domain is the name of the domain entered during the Certbot certificate generation step.

        Note

        Certbot recommends pointing your web server configuration to the default certificates directory or creating symlinks. Keys and certificates should not be moved to a different directory.

        Finally, Certbot will update your web server configuration so that it uses the new certificate, and also redirects HTTP traffic to HTTPS if you chose that option.

      7. If you have a firewall configured on your Linode, you may need to add a firewall rule to allow incoming and outgoing connections to the HTTPS service. On CentOS 8, firewalld is the default tool for managing firewall rules. Configure firewalld for HTTP and HTTPS traffic:

        sudo firewall-cmd --zone=public --permanent --add-service=http
        sudo firewall-cmd --zone=public --permanent --add-service=https
        sudo firewall-cmd --reload
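
      The Note under step 6 (and under step 4 of the Ubuntu and Debian guides above) says to keep the web server pointed at Certbot's default directory instead of moving keys and certificates. The shell function below is an added example, not part of the original guide or of Certbot: it reads the ssl_certificate and ssl_certificate_key paths from an nginx configuration file and reports any that are not working symlinks under /etc/letsencrypt/live resolving into /etc/letsencrypt/archive, and any private key that is world-readable. The function name, its messages and the optional second argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit where an nginx config loads its
# certificate and key from. Function name and messages are illustrative.
#
# usage: audit_cert_paths NGINX_CONF [LETSENCRYPT_ROOT]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_cert_paths() {
    conf=$1
    root=${2:-/etc/letsencrypt}
    real_root=$(readlink -f "$root")
    status=0
    # Pull "directive path" pairs; commented-out lines have "#" as field 1.
    pairs=$(awk '$1 ~ /^ssl_certificate(_key)?$/ { sub(/;.*/, "", $2); print $1, $2 }' "$conf")
    if [ -z "$pairs" ]; then
        echo "$conf: no ssl_certificate directives found"
        return 1
    fi
    while read -r directive path; do
        case $path in
            "$root"/live/*) ;;
            *)  echo "$directive: $path is outside $root/live"
                status=1; continue ;;
        esac
        # live/ entries are symlinks that Certbot repoints on each renewal.
        if [ ! -L "$path" ] || [ ! -e "$path" ]; then
            echo "$directive: $path is not a working symlink"
            status=1; continue
        fi
        target=$(readlink -f "$path")
        case $target in
            "$real_root"/archive/*) ;;
            *)  echo "$directive: $path resolves outside $root/archive"
                status=1 ;;
        esac
        # The private key must not be readable by "other".
        if [ "$directive" = ssl_certificate_key ] &&
           [ -n "$(find "$target" -perm -004)" ]; then
            echo "$directive: $target is world-readable"
            status=1
        fi
    done <<EOF
$pairs
EOF
    return $status
}

# Run against the file given on the command line, e.g. /etc/nginx/nginx.conf
if [ $# -ge 1 ]; then audit_cert_paths "$@"; fi
```

      Pass /etc/nginx/sites-enabled/default on Ubuntu and Debian or /etc/nginx/nginx.conf on CentOS, the files Certbot reports deploying to in the sessions above, and run it with sudo so the archive directory can be read.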
        

      This guide is published under a CC BY-ND 4.0 license.


