Let's Encrypt SSL: Installation and configuration on Debian 11

Let's Encrypt is a certification authority launched on December 3, 2015, which allows users to obtain a free SSL certificate for one or more domains.

To generate a certificate, the applicant must prove that they control the domain. Several validation methods exist; this article covers two of them: the HTTP-01 challenge and the DNS-01 challenge.

To facilitate the integration of challenge methods, several applications are available, including the following:

 

Using certbot on a domain or subdomain

Installation 

sudo apt install certbot python3-certbot-apache

After installation, we run a test on a domain:

sudo certbot certonly --apache -d nicamex-exhibition.com -d www.nicamex-exhibition.com --dry-run 

The --dry-run option allows you to run a simulation to make sure that everything works.

The -d option is used to specify a domain name or subdomain.

The result should be similar to:

... 
IMPORTANT NOTES:
 - The dry run was successful.

Once the dry run succeeds, request the actual certificate:

sudo certbot certonly --apache -d nicamex-exhibition.com -d www.nicamex-exhibition.com

Result:

... 
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nicamex-exhibition.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nicamex-exhibition.com/privkey.pem
   Your certificate will expire on 2023-05-06. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Your certificate has been generated. All you need to do now is update your VirtualHost file.

<VirtualHost *:80>
        ServerAdmin kksasteph888@gmail.com
        ServerName      nicamex-exhibition.com
        ServerAlias     www.nicamex-exhibition.com
        DocumentRoot /var/www/nicamex_expo/public/web
        <Directory /var/www/nicamex_expo/public/web>
                # Indexes lists the directory contents when no index file exists
                Options Indexes FollowSymLinks
                AllowOverride All
                # Apache 2.4 access control (the version shipped with Debian 11)
                Require all granted
        </Directory>
        ErrorLog /var/www/nicamex_expo/logs/error.log
        CustomLog /var/www/nicamex_expo/logs/access.log combined

        #redirect to https (needs mod_rewrite: a2enmod rewrite)
        RewriteEngine On
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin kksasteph888@gmail.com
        ServerName      nicamex-exhibition.com
        ServerAlias     www.nicamex-exhibition.com
        DocumentRoot /var/www/nicamex_expo/public/web
        <Directory /var/www/nicamex_expo/public/web>
                # Indexes lists the directory contents when no index file exists
                Options Indexes FollowSymLinks
                AllowOverride All
                # Apache 2.4 access control (the version shipped with Debian 11)
                Require all granted
        </Directory>
        ErrorLog /var/www/nicamex_expo/logs/error.log
        CustomLog /var/www/nicamex_expo/logs/access.log combined

        #SSL conf.
        SSLCertificateFile /etc/letsencrypt/live/nicamex-exhibition.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/nicamex-exhibition.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Please adapt the data to suit your environment.

The paths in the #SSL conf section are the ones certbot printed under “IMPORTANT NOTES” when the certificate was created.
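
When the VirtualHost file is edited by hand as above, a pasted path from another domain or a missing redirect is easy to overlook. The following shell linter is an added example, not part of the original article: it checks that the :443 block takes its certificate and key from the same /etc/letsencrypt/live/ lineage, that it uses fullchain.pem, and that the :80 block redirects to https. The function name check_vhost_tls and the sample domains are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: lint the TLS directives of a
# hand-edited Apache vhost file. Prints one finding per line, returns 1 if any.
check_vhost_tls() {
  awk '
    # /etc/letsencrypt/live/<lineage>/<file> -> <lineage>; "" for any other path
    function lineage(p,   a, n) {
      n = split(p, a, "/")
      return (n == 6 && index(p, "/etc/letsencrypt/live/") == 1) ? a[5] : ""
    }
    function report(msg) { print port " vhost " name ": " msg; bad = 1 }
    function finish(   cl, kl) {
      if (port == "80" && !redirect) report("no redirect to https")
      if (port != "443") return
      if (cert == "" || key == "") { report("certificate or key directive missing"); return }
      cl = lineage(cert); kl = lineage(key)
      if (cl != kl) report("certificate and key come from different lineages")
      if (cl != "" && cert !~ /\/fullchain\.pem$/)
        report("SSLCertificateFile is not fullchain.pem, the intermediate is not served")
      # Heuristic (assumption): the lineage is named after one of the vhost names,
      # as certbot does by default with the first -d domain.
      if (cl != "" && !(cl in names)) report("lineage " cl " is not a name of this vhost")
    }
    { d = tolower($1) }
    d == "<virtualhost" {
      port = $2; sub(/^.*:/, "", port); sub(/>$/, "", port)
      name = "?"; cert = ""; key = ""; redirect = 0; split("", names)
    }
    d == "servername"  { name = $2; names[$2] = 1 }
    d == "serveralias" { for (i = 2; i <= NF; i++) names[$i] = 1 }
    d == "sslcertificatefile"    { cert = $2 }
    d == "sslcertificatekeyfile" { key = $2 }
    (d == "rewriterule" || d == "redirect") && /https:\/\// { redirect = 1 }
    d == "</virtualhost>" { finish() }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the key path was pasted from another lineage.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    ServerName example.org
    SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
</VirtualHost>
EOF
check_vhost_tls "$sample" || echo "fix the findings before reloading Apache"
rm -f "$sample"
```

Run it against your own vhost file, then run sudo apache2ctl configtest before reloading Apache.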
 

You can let certbot update your configuration on Apache by removing “certonly” from the certificate generation command.

Generating certificates for all subdomains:

In this section, we will look at u

Stephane K

Written 2 years ago
Modified 3 days ago