小杨同学的wiki

Download certbot tool

Use the commands below to download certbot on your system:

# Ubuntu / Debian
sudo apt-get update
sudo apt-get install certbot

# Fedora
sudo dnf install certbot python2-certbot-nginx
sudo dnf install certbot python2-certbot-apache

# CentOS 8
sudo dnf -y install epel-release
sudo dnf -y install certbot

# CentOS 7
sudo yum -y install epel-release
sudo yum -y install certbot

Before you can request for ssl certificate, open port 443 on firewall, This demonstration assumes you are running CentOS 7.x whose firewall system is firewalld. If you have other systems like Ubuntu or Debian, firewall system might be different.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

You may need to stop web server before generating SSL:

### Apache ###
sudo systemctl stop apache2 #Debian / Ubuntu
sudo systemctl stop httpd #RHEL based

### Nginx ###
sudo systemctl stop nginx

Now request for ssl certificate:

sudo certbot certonly -d  mydomain.com -d www.mydomain.com

As you make first request, the script will install required packages/dependencies and setup virtual environment.

Note that you need active dns A record for the domain specified. For www.mydomain.com, this can be a CNAME record.

Answer few questions on the prompt and in no a time you have your ssl certificate and private key. Default location for this is: /etc/letsencrypt/live

Renewing certs

sudo certbot  --renew

Automated renewal using –pre-hook and –post-hook

### For nginx ###
sudo /usr/bin/certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"

### For apache ###
sudo /usr/bin/certbot renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

To force manual renewal:

sudo certbot renew --force-renewal

If you would like to use cron jobs, your crontab should have a line similar to one below:

/usr/bin/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

15 3 * * * /usr/bin/certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"

## Download certbot tool

Use the commands below to download certbot on your system:

```
# Ubuntu / Debian
sudo apt-get update
sudo apt-get install certbot

# Fedora
sudo dnf install certbot python2-certbot-nginx
sudo dnf install certbot python2-certbot-apache

# CentOS 8
sudo dnf -y install epel-release
sudo dnf -y install certbot

# CentOS 7
sudo yum -y install epel-release
sudo yum -y install certbot
```

```
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
```

You may need to stop web server before generating SSL:

```
### Apache ###
sudo systemctl stop apache2 #Debian / Ubuntu
sudo systemctl stop httpd #RHEL based

### Nginx ###
sudo systemctl stop nginx
```

Now request for ssl certificate:

```
sudo certbot certonly -d  mydomain.com -d www.mydomain.com
```

As you make first request, the script will install required packages/dependencies and setup virtual environment.

Note that you need active dns **A** record for the domain specified. For **www.mydomain.com**, this can be a **CNAME** record.

Answer few questions on the prompt and in no a time you have your ssl certificate and private key. Default location for this is: **/etc/letsencrypt/live**

##### Renewing certs

```
sudo certbot  --renew
```

### Automated renewal using –pre-hook and –post-hook

```
### For nginx ###
sudo /usr/bin/certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"

### For apache ###
sudo /usr/bin/certbot renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
```

To force manual renewal:

```
sudo certbot renew --force-renewal
```

If you would like to use cron jobs, your crontab should have a line similar to one below:

```
/usr/bin/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

15 3 * * * /usr/bin/certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
```