Do you have a blog or site and want to get an SSL certificate for your site?
You found out that it's important for Google to have an SSL certificate on your site to count on Google results!
I'll show you how I did for my blog https://blog.ceae.info/
We found last year the project "Let's Encrypt"
It is a project supported by several corporations. The list below !
I have followed the explained steps for shell access because I have my own blog server, and I think it's the easiest way.
More information and explanations here https://letsencrypt.org/getting-started/
Even their recommendation is to use the shell access path, since you choose this path you are redirected to another site where you download an application https://certbot.eff.org/#centosrhel7-apache
In the above link I have already selected Apache with Centos 7.
Go to your server in the shell and write.
yum install certbot-apache
It installs what you need to put the SSL certificate.
Next step
certbot --authenticator webroot --installer apache
And that's it, you'll get a 3-month free certificate.
For renewal you only have to do the next step:
certbot renew --dry-run
Case 2 now
Let's say you have multiple sites on your server and you only want a SSL certificate for a site.
Step 1: ( real example )
Execute the command:
certbot certonly --webroot -w /var/www/html/itsmartsystems.tk -d www.itsmartsystems.tkSuppose we already installed certbot ( yum -y install certbot ) For the above case we want to for an ssl certificate for the www.itsmartsystems.tk domain. The result after I run certbot:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for www.itsmartsystems.tk Using the webroot path /var/www/html/itsmartsystems.tk for all unmatched domains. Waiting for verification... Cleaning up challengesIMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem
Your cert will expire on 2018-04-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Now we need to edit the configuration file in VHOST.
vim /etc/httpd/conf.d/VHOSTS-le-ssl.conf
< IfModule mod_ssl.c > <VirtualHost 172.41.1.100:443> <Directory /var/www/html/luconsult.tk> Order deny,allow Allow from all DirectoryIndex index.html Options +Indexes ServerName www.itsmartsystems.tk ServerPath /itsmartsystems.tk DocumentRoot /var/www/html/itsmartsystems.tk CustomLog /var/log/httpd/isstk_access.log common ErrorLog /var/log/httpd/isstk_error.log SSLCertificateFile /etc/letsencrypt/live/www.itsmartsystems.tk/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem < /IfModule >After that, we restart the apache server.
systemctl restart httpdYou can see the result here: https://www.itsmartsystems.tk/
After the expiration of the certificate, we only have this step.
certbot renew
Enjoy and happy new day !
This post has received a 1.25 % upvote from @boomerang thanks to: @luciancovaci
Well done! This post has received a 100.00 % upvote from @litasio thanks to: @luciancovaci. Whoop!
If you would like to delegate to the @LitasIO you can do so by clicking on the following link: 10SP
100% guarantee solution for SSL working find here https://www.godaddy.com/community/SSL-And-Security/SSL-100-Working/td-p/130568