Ubuntu 16.04
Sponsored Link

Get SSL Certificates (Let's Encrypt)2018/02/20

 
Get SSL Certificates from Let's Encrypt who provides Free SSL Certificates.
Refer to the details for Let's Encrypt official site below.
⇒ https://letsencrypt.org/
By the way, expiration date of a cert is 90 days, so you must update within next 90 days later.
[1] Install Client tool which is the tool to get certificates from Let's Encrypt.
root@dlp:~#
apt-get -y install letsencrypt
[2] Get certificates.
It needs Web server like Apache httpd or Nginx must be runing on the server you work.
If no Web server is running, skip this section and Refer to [3] section.
Furthermore, it needs that it's possible to access from the Internet to your working server on port 80 because of verification from Let's Encrypt.
# for the option [--webroot], use a directory under the webroot on your server as a working temp

# -w [document root] -d [FQDN you'd like to get certs]

# FQDN (Fully Qualified Domain Name) : Hostname.Domainname
# if you'd like to get certs for more than 2 FQDNs, specify all like below

# ex : if get [srv.world] and [www.srv.world]

# ⇒ -d srv.world -d dlp.srv.world
root@dlp:~#
letsencrypt certonly --webroot -w /var/www/html -d dlp.srv.world


# for only initial using, register your email address and agree to terms of use
# specify valid email address
Enter email address (used for urgent notices and lost key recovery)

root@mail.srv.world 

<  OK  >           <Cancel>

# agree to the terms of use
Please read the Terms of Service at
     https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf.
     You must agree in order to register with the ACME server at       
     https://acme-v01.api.letsencrypt.org/directory                    

<Agree >           <Cancel>

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/dlp.srv.world/fullchain.pem. Your cert will
   expire on 2018-05-23. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# success if [Congratulations] is shown
# certs are created under the [/etc/letsencrypt/live/(FQDN)/] directory

# cert.pem       ⇒ SSL Server cert(includes public-key)
# chain.pem      ⇒ intermediate certificate
# fullchain.pem  ⇒ combined file cert.pem and chain.pem
# privkey.pem    ⇒ private-key file
[3] If no Web Server is running on your working server, it's possbile to get certs with using tool's Web Server feature. Anyway, it needs that it's possible to access from the Internet to your working server on port 80 because of verification from Let's Encrypt.
# for the option [--standalone], use tool's Web Server feature

# -d [FQDN you'd like to get certs]

# FQDN (Fully Qualified Domain Name) : Hostname.Domainname
# if you'd like to get certs for more than 2 FQDNs, specify all like below

# ex : if get [srv.world] and [www.srv.world] ⇒ -d srv.world -d dlp.srv.world
root@dlp:~#
letsencrypt certonly --standalone -d srv.world


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/srv.world/fullchain.pem. Your cert will
   expire on 2018-05-23. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[4] For Updating existing certs, Do like follows.
# update all certs which has less than 30 days expiration

# if you'd like to update certs which has more than 30 days expiration, add [--force-renewal] option

root@dlp:~#
letsencrypt renew

Matched Content