So days before, one of my friend told me the importance which you can have a look at his blog here. I thought that I might try, it’s boring anyway.
So I already got my SSL connection as you can see, there’s a green locker in the address bar.
Disclaimer
I will not responsible for any damage database due to following my tutorial. This tutorial is for Apache, if you are using Nginx, please do not follow this guide.
Type the commands by step and do it properly, you shouldn’t have a problem.
Installing Certbot
First, stop Apache server
killall apache2
If you got Softether VPN Server installed on your machine, please stop the listen of port 443, because this is the SSL connection port
Install Let’s Encrypt by the following command
apt install python-letsencrypt-apache
letsencrypt certonly
Choose Automatically use a temporary web server and wait it until it finishes
Modify Apache config file and “.htaccess” file
Please create a snapshot to avoid any problem
Confirm whether the certs are created or not first, using commands
cd /etc/letsencrypt/archive/"example.org"
ls
if you can see cert1.pem, chain1.pem, fullchain1.pem and privkey1.pem, it means the certs has been created successfully
Then you need to modify Apache configuration file
First, type the commands
a2enmod ssl
service apache2 stop
Then you want to let Apache server to listen to port 443, you want to add Listen 443 to the file /etc/aoache2/ports.conf, after you do that, it will looks like this
# If you just change the port or add more ports here, you will likely also # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default.conf Listen 80 Listen 443 <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And, you want to edit /etc/apache2/sites-enabled/000-default.conf, it will looks like this
SSLEngine on SSLCertificateFile /etc/letsencrypt/archive/"example.org"/cert1.pem SSLCertificateKeyFile /etc/letsencrypt/archive/"example.org"/privkey1.pem SSLCertificateChainFile /etc/letsencrypt/archive/"example.org"/fullchain1.pem
Save the file and reboot, if you are not allowed to reboot, restart or start Apache2 service using command
sudo service apache restart
sudo service apache start
You also want to modify “.htaccess” file, to redirect http to https
add this thing to the “.htaccess” file
RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.org$ [NC] RewriteRule ^(.*)$ https://www.example.org/$1 [R=301,L]
Renew the cert
the cert will expire in 90 days, please renew the cert in 60 days or more but less than 90 days, to renew, using command
./certbot renew
No Comments
You can leave the first : )