SSL Certificates with LetsEncrypt

The following configuration is for demonstration purposes only. It is vital that the certificate directories be secured: only the “webadmin” user/group (with SELinux enforcing) should have access to them, to slow down potential breaches and signature tampering.
 
yum -y install yum-utils

yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

yum -y install certbot

certbot certonly --webroot -w /var/www/certs -d dragoncoin.com -d www.dragoncoin.com
 
Method 1:
 
Source: https://certbot.eff.org/lets-encrypt/centosrhel7-haproxy
 
 
 

Method 2:
 
cd /etc/letsencrypt/

wget https://dl.eff.org/certbot-auto

chmod a+x certbot-auto

# Quote the wildcard name so the shell does not expand it against files in the current directory
/etc/letsencrypt/certbot-auto certonly --manual -d '*.kimconnect.com' -d kimconnect.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

/etc/letsencrypt/certbot-auto certonly --manual -d '*.dragoncoin.com' -d dragoncoin.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
 
##### Completed SSL Cert Registration #####

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/dragoncoin.com/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/dragoncoin.com/privkey.pem
  Your cert will expire on 2019-05-03. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot-auto
  again. To non-interactively renew *all* of your certificates, run
  "certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
 
# Optional: Generate the .key file
 
# Move certbot-auto into appropriate directory
mv certbot-auto /etc/letsencrypt/
 
# Edit Crontab
crontab -e
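# Set renewal for 2:00 AM on the 1st of every 2nd month (Let's Encrypt certificates are valid for 90 days, so a longer interval lets them expire before the job runs)
0 2 1 */2 * /etc/letsencrypt/certbot-auto renew --force-renew && systemctl restart nginx >/dev/null 2>&1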
 
# Combine fullchain with private key into one file

DOMAIN='dragoncoin.com' sudo -E bash -c 'cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/letsencrypt/live/$DOMAIN/privkey.pem > /etc/letsencrypt/live/$DOMAIN/$DOMAIN.pem'

DOMAIN='kimconnect.com' sudo -E bash -c 'cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/letsencrypt/live/$DOMAIN/privkey.pem > /etc/letsencrypt/live/$DOMAIN/$DOMAIN.pem'
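
One way to do the combine step above so that the bundle holding the private key is never readable by other users, in line with the note at the top about securing the certificate directories. This is an added example, not part of the original post; LIVE_ROOT, combine_pem and pem_mode are assumed names.

```shell
#!/bin/sh
# Added example (not from the original page). LIVE_ROOT, combine_pem and
# pem_mode are assumed names; certbot itself does not provide them.
# Usage (as root): combine_pem dragoncoin.com
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"

# combine_pem DOMAIN: write $LIVE_ROOT/DOMAIN/DOMAIN.pem, owner-readable only.
combine_pem() {
    domain="$1"
    # Reject empty names and anything that could point outside LIVE_ROOT.
    case "$domain" in
        ''|*/*|.*) echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    dir="$LIVE_ROOT/$domain"
    chain="$dir/fullchain.pem"
    key="$dir/privkey.pem"
    out="$dir/$domain.pem"

    # Both inputs must be present and non-empty before anything is written.
    for f in "$chain" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # Cheap sanity check that the files hold what their names claim.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the key is never exposed
    # through a default 0644 umask, even briefly.
    tmp=$(mktemp "$dir/.$domain.pem.XXXXXX") || return 1
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp"; then
        # rename() within one directory is atomic: readers see the old
        # bundle or the new one, never a partial file.
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# pem_mode FILE: print the permission string, e.g. -rw-------
pem_mode() {
    ls -l "$1" | cut -c1-10
}
```

Run it again after every renewal: the combined file is a copy, so it does not pick up the renewed fullchain.pem and privkey.pem by itself.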
