How can you get a free ssl certificate for your site?

luciancovaci (52)in #linux • 7 years ago (edited)

Do you have a blog or site and want to get an SSL certificate for your site?
You found out that it's important for Google to have an SSL certificate on your site to count on Google results!

I'll show you how I did for my blog https://blog.ceae.info/

We found last year the project "Let's Encrypt"

It is a project supported by several corporations. The list below !

I have followed the explained steps for shell access because I have my own blog server, and I think it's the easiest way.
More information and explanations here https://letsencrypt.org/getting-started/

Even their recommendation is to use the shell access path, since you choose this path you are redirected to another site where you download an application https://certbot.eff.org/#centosrhel7-apache
In the above link I have already selected Apache with Centos 7.
Go to your server in the shell and write.

yum install certbot-apache

It installs what you need to put the SSL certificate.

Next step

certbot --authenticator webroot --installer apache

And that's it, you'll get a 3-month free certificate.
For renewal you only have to do the next step:

certbot renew --dry-run

Case 2 now

Let's say you have multiple sites on your server and you only want a SSL certificate for a site.
Step 1: ( real example )
Execute the command:

certbot certonly --webroot -w /var/www/html/itsmartsystems.tk -d www.itsmartsystems.tk

Suppose we already installed certbot ( yum -y install certbot ) For the above case we want to for an ssl certificate for the www.itsmartsystems.tk domain. The result after I run certbot:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for www.itsmartsystems.tk Using the webroot path /var/www/html/itsmartsystems.tk for all unmatched domains. Waiting for verification... Cleaning up challenges

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem
Your cert will expire on 2018-04-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Now we need to edit the configuration file in VHOST.
vim /etc/httpd/conf.d/VHOSTS-le-ssl.conf

<  IfModule mod_ssl.c  >
<VirtualHost 172.41.1.100:443>
        <Directory /var/www/html/luconsult.tk>
                Order deny,allow
                Allow from all
                DirectoryIndex index.html
                Options +Indexes
        
        ServerName www.itsmartsystems.tk
        ServerPath /itsmartsystems.tk
        DocumentRoot /var/www/html/itsmartsystems.tk
        CustomLog /var/log/httpd/isstk_access.log common
        ErrorLog /var/log/httpd/isstk_error.log
SSLCertificateFile /etc/letsencrypt/live/www.itsmartsystems.tk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.itsmartsystems.tk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.itsmartsystems.tk/fullchain.pem

<  /IfModule  >

After that, we restart the apache server.