EL7 + Let's Encrypt

Thanks to the EFF, we now have a lovely suite of tools for getting globally recognized and trusted SSL certificates for HTTPS via Let's Encrypt and its management tool, certbot.

INSTALLATION

yum install python-certbot-apache certbot

INSTALLING NEW CERTIFICATE

certbot --apache -d DOMAIN.TLD -d DOMAIN2.TLD

certbot certonly --webroot -w /var/www/html -d DOMAIN1.TLD -d DOMAIN2.TLD

RENEWAL OF EXISTING CERTIFICATE

Run the renewal regularly; a certificate is only renewed when its expiry is within the next 30 days.

certbot renew

certbot renew --dry-run

certbot renew --quiet

AMAZON LIGHTSAIL / AWS ISSUES

Amazon has a few issues with certbot. Here are the steps to get around them:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --debug certonly -d www.fqdn.tld -d fqdn.tld

To renew:

./certbot-auto renew

Next, install SSL support for Apache if you have not already (2.4 in my example).

yum install mod24_ssl

Edit /etc/httpd/conf.d/ssl.conf to fix the following values:

SSLCertificateFile /etc/letsencrypt/live/fqdn.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/fqdn.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/fqdn.tld/chain.pem

Lastly, restart Apache:

sudo service httpd restart
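
Added example, not part of the original page: a POSIX shell check that uses openssl to report whether a certificate is inside the 30-day renewal window described under RENEWAL OF EXISTING CERTIFICATE, and whether privkey.pem really belongs to cert.pem before Apache is restarted. The function names, the script name check_le.sh and the DUE/OK/MISMATCH output format are assumptions made for this example; the file names are the ones used in the ssl.conf paths above.

```shell
#!/bin/sh
# Added example: sanity checks for a certbot lineage directory such as
# /etc/letsencrypt/live/fqdn.tld. Function names are illustrative.
RENEW_WINDOW_DAYS=30   # renewal window described in the renewal section

# Exit 0: cert expires inside the window (certbot renew would replace it).
# Exit 1: cert is valid beyond the window. Exit 2: not a readable cert.
cert_in_renew_window() {
    cert=$1
    days=${2:-$RENEW_WINDOW_DAYS}
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Exit 0 only when the private key belongs to the certificate. Comparing
# the public halves works for RSA and EC keys alike.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check the three files ssl.conf points at and print one status line.
check_lineage() {
    dir=$1
    for f in cert.pem privkey.pem chain.pem; do
        [ -r "$dir/$f" ] || { echo "MISSING $dir/$f"; return 1; }
    done
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" ||
        { echo "MISMATCH $dir/privkey.pem vs cert.pem"; return 1; }
    rc=0
    cert_in_renew_window "$dir/cert.pem" || rc=$?
    case $rc in
        0) echo "DUE $dir" ;;
        1) echo "OK $dir" ;;
        *) echo "UNREADABLE $dir/cert.pem"; return 1 ;;
    esac
}

# Usage: sh check_le.sh /etc/letsencrypt/live/fqdn.tld [more lineage dirs]
failed=0
for d in "$@"; do
    check_lineage "$d" || failed=1
done
[ "$failed" -eq 0 ]
```

A lineage that still reports DUE after `certbot renew` has run means the renewal did not take place and is worth investigating before the certificate expires.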