Posts

Get an SSL Certificate with Let's Encrypt



Do you know what an SSL certificate is?

It is a digital certificate for 'encryption of communication data' and mandatory by default to install one on your site nowadays. The certificate has an expiry date, and the certificate renewal process must be carried out when it is expired. This blog post is about Let's Encrypt, which can automate the renewal process.



What is Let's Encrypt?

A certificate issuing service run by the ISRG, an American non-profit organization. The service is completely free of charge.



How to Issue the Certificate

- Installing the certbot client

1. Install epel

yum install epel-release

2. Install certbot

yum install --enablerepo=epel certbot python-certbot-apache

- Obtaining a certificate

To obtain a certificate, execute the following command.

certbot certonly --webroot \
-w {Document root} \
-d {Domain name} \
-m {Email address} \
--agree-tos -n

Note: Change {Document root}, {Domain name} and {Email address} as appropriate for your environment. You also need to open port 80 in advance since a file is automatically created under the document root and authentication is carried out with that file.


- Verification of a certificate

A single command instantly creates a certificate in the following directory.

#Server certificate
/etc/letsencrypt/live/{Domain name}/cert.pem
#Secret key
/etc/letsencrypt/live/{Domain name}privkey.pem
#Intermediate certificate
/etc/letsencrypt/live/{Domain name}/chain.pem

Note: the certificate renewal period is only three months.


- Renewal of a certificate

The following command will complete the certificate renewal.

certbot renew --post-hook "systemctl reload httpd"

You might want to register the command in cron so that the certificate will be renewed on its own instead of doing it manually.

crontab -e
 
00 06 01 * * root /bin/certbot renew --post-hook "systemctl reload httpd"



 

It was about how to obtain a free SSL certificate, but Beyond GTA can also apply for and install other SSL certificates on your behalf. Reach us if you need to make your website SSL-certified.






This blog post is translated from a blog post written on our Japanese website.