Let's Encrypt is a certification authority launched on December 3, 2015, which allows users to obtain a free SSL certificate for one or more domains.
To generate a certificate, the applicant must prove that they are the owner of the domain. Several methods are used, but in this article we will discuss the implementation of two challenge methods: HTTP-01 Challenge and DNS-01 Challenge.
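What the two challenge methods named above ask the applicant to publish, following RFC 8555 and RFC 7638. This is an added example, not part of the original article or of certbot's code; the function names are illustrative, and the account key and token are constructed sample values.

```python
import base64
import hashlib
import json

# JWK members that enter the RFC 7638 thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data):
    """Base64url without '=' padding, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """SHA-256 thumbprint of the ACME account public key (RFC 7638)."""
    names = REQUIRED.get(jwk.get("kty"))
    if names is None or any(n not in jwk for n in names):
        raise ValueError("unsupported or incomplete JWK")
    # Required members only, sorted by name, no whitespace.
    canonical = json.dumps({n: jwk[n] for n in names},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, jwk):
    """token + '.' + account key thumbprint (RFC 8555, section 8.1)."""
    return token + "." + jwk_thumbprint(jwk)

def http01_response(domain, token, jwk):
    """URL the CA fetches on port 80, and the body it must get back."""
    url = "http://%s/.well-known/acme-challenge/%s" % (domain, token)
    return url, key_authorization(token, jwk)

def dns01_record(domain, token, jwk):
    """TXT record name and value the CA queries for DNS-01."""
    base = domain[2:] if domain.startswith("*.") else domain  # wildcard
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii"))
    return "_acme-challenge." + base, b64url(digest.digest())

# Constructed sample values: not a real account key or CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed-x-value", "y": "constructed-y-value"}
SAMPLE_TOKEN = "constructed_token_0123456789abcdefABCDEF-_"

if __name__ == "__main__":
    for name in ("nicamex-exhibition.com", "www.nicamex-exhibition.com"):
        print(http01_response(name, SAMPLE_TOKEN, SAMPLE_JWK))
    print(dns01_record("*.nicamex-exhibition.com", SAMPLE_TOKEN, SAMPLE_JWK))
```

Both proofs bind the CA's token to the account key, so a value published for one ACME account does not validate a request made by another.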
To facilitate the integration of challenge methods, several applications are available, including the following:
Using certbot on a domain or subdomain
Installation
sudo apt install certbot python3-certbot-apache
After installation, we run a test on a domain:
sudo certbot certonly --apache -d nicamex-exhibition.com -d www.nicamex-exhibition.com --dry-run
The --dry-run option allows you to run a simulation to make sure that everything works.
The -d option is used to specify a domain name or subdomain.
The result should be similar to:
...
IMPORTANT NOTES:
- The dry run was successful.
From there, you can try requesting your certificate to be generated:
sudo certbot certonly --apache -d nicamex-exhibition.com -d www.nicamex-exhibition.com
Result:
...
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nicamex-exhibition.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nicamex-exhibition.com/privkey.pem
Your certificate will expire on 2023-05-06. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Your certificate has been generated. All you need to do now is update your VirtualHost file.
<VirtualHost *:80>
    ServerAdmin kksasteph888@gmail.com
    ServerName nicamex-exhibition.com
    ServerAlias www.nicamex-exhibition.com
    DocumentRoot /var/www/nicamex_expo/public/web
    <Directory /var/www/nicamex_expo/public/web>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Deny,Allow
        Allow from all
    </Directory>
    ErrorLog /var/www/nicamex_expo/logs/error.log
    CustomLog /var/www/nicamex_expo/logs/access.log combined
    # Redirect to HTTPS
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin kksasteph888@gmail.com
    ServerName nicamex-exhibition.com
    ServerAlias www.nicamex-exhibition.com
    DocumentRoot /var/www/nicamex_expo/public/web
    <Directory /var/www/nicamex_expo/public/web>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Deny,Allow
        Allow from all
    </Directory>
    ErrorLog /var/www/nicamex_expo/logs/error.log
    CustomLog /var/www/nicamex_expo/logs/access.log combined
    # SSL conf.
    SSLCertificateFile /etc/letsencrypt/live/nicamex-exhibition.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nicamex-exhibition.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Please adapt the data to suit your environment.
The paths under "# SSL conf." are the ones certbot prints under “IMPORTANT NOTES” when the certificate is created.
You can let certbot update your configuration on Apache by removing “certonly” from the certificate generation command.
Generating certificates for all subdomains:
In this section, we will look at u