luckyhemanth
Member
- Jun 6, 2017
- 33
- 83
- 37
If you are using apache follow these steps.if you are using NGINX scroll below.
Installing ssl certificates is important to get urself a green lock
-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install python-certbot-apache -t jessie-backports
5) sudo nano /etc/apache2/sites-available/000-default.conf
->now here fill it like this
<VirtualHost *:80>
. . .
ServerName yourdomain.com
ServerAlias www.yourdomain.com
. . .
</VirtualHost>
type the commands in the ssh as root
6) sudo systemctl restart apache2
7) sudo certbot --apache
-> to get those certificates for life time u have to do a simple process
8) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
-> save the file by pressing "F2" then press "Y" then hit Enter key
9) service apache2 restart
If you are using NGINX follow the below steps:
-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install certbot -t jessie-backports
To ensure that the directory is accessible to Let's Encrypt for validation, let's make a quick change to our Nginx configuration. By default, it's located at /etc/nginx/sites-available/default. We'll use nano to edit it:
5) sudo nano /etc/nginx/sites-available/default
Inside the server block, add this location block:
location ~ /.well-known {
allow all;
}
type the commands in the ssh as root
6) sudo systemctl restart nginx
in the next step use your website domain in place of example.com
7) sudo certbot certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com
After certbot initializes, you will be prompted to enter your email and agree to the Let's Encrypt terms of service. Afterwards, the challenge will run. If everything was successful, you should see an output message that looks something like this:
Output:IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2017-09-05. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
You will want to note the path and expiration date of your certificate, which was highlighted in the example output.
Before we go any further, let's back up our current server block file:
8) sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
Now, open the server block file to make adjustments:
9) sudo nano /etc/nginx/sites-available/default
in that doc fill it like this "server_name example.com www.example.com " in this line example.com is your domain
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
. . .
Save and close the file when you are finished.
10) sudo systemctl restart nginx
-> to get those certificates for life time u have to do a simple process
11) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line
30 2 * * * /usr/bin/certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log
-> save the file by pressing "F2" then press "Y" then hit Enter key
12) sudo systemctl restart nginx
done njoy your lifetime ssl certificates
hit like if you like this tutorial
Installing ssl certificates is important to get urself a green lock
-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install python-certbot-apache -t jessie-backports
5) sudo nano /etc/apache2/sites-available/000-default.conf
->now here fill it like this
<VirtualHost *:80>
. . .
ServerName yourdomain.com
ServerAlias www.yourdomain.com
. . .
</VirtualHost>
type the commands in the ssh as root
6) sudo systemctl restart apache2
7) sudo certbot --apache
-> to get those certificates for life time u have to do a simple process
8) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
-> save the file by pressing "F2" then press "Y" then hit Enter key
9) service apache2 restart
If you are using NGINX follow the below steps:
-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install certbot -t jessie-backports
To ensure that the directory is accessible to Let's Encrypt for validation, let's make a quick change to our Nginx configuration. By default, it's located at /etc/nginx/sites-available/default. We'll use nano to edit it:
5) sudo nano /etc/nginx/sites-available/default
Inside the server block, add this location block:
location ~ /.well-known {
allow all;
}
type the commands in the ssh as root
6) sudo systemctl restart nginx
in the next step use your website domain in place of example.com
7) sudo certbot certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com
After certbot initializes, you will be prompted to enter your email and agree to the Let's Encrypt terms of service. Afterwards, the challenge will run. If everything was successful, you should see an output message that looks something like this:
Output:IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2017-09-05. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
You will want to note the path and expiration date of your certificate, which was highlighted in the example output.
Before we go any further, let's back up our current server block file:
8) sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
Now, open the server block file to make adjustments:
9) sudo nano /etc/nginx/sites-available/default
in that doc fill it like this "server_name example.com www.example.com " in this line example.com is your domain
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
. . .
Save and close the file when you are finished.
10) sudo systemctl restart nginx
-> to get those certificates for life time u have to do a simple process
11) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line
30 2 * * * /usr/bin/certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log
-> save the file by pressing "F2" then press "Y" then hit Enter key
12) sudo systemctl restart nginx
done njoy your lifetime ssl certificates
hit like if you like this tutorial
Last edited: