Configurar Let's Encrypt SSL en Apache 2.4 y Centos 8



Fuente: https://letsencrypt.org/

Fuente: https://certbot.eff.org/instructions?ws=apache&os=centosrhel8

Fuente: https://snapcraft.io/docs/installing-snap-on-centos

Fuente: https://stackoverflow.com/questions/59549309/unable-to-find-a-virtual-host-listening-on-port-80-please-add-a-virtual-host

Fuente: https://httpd.apache.org/docs/2.4/vhosts/examples.html


  1. SSH into the server

    SSH into the server running your HTTP website as a user with sudo privileges.

  2. Install snapd

    You'll need to install snapd and make sure you follow any instructions to enable classic snap support.

    Follow these instructions on snapcraft's site to install snapd.

  3. Ensure that your version of snapd is up to date

    Execute the following instructions on the command line on the machine to ensure that you have the latest version of snapd.

    sudo snap install core; sudo snap refresh core
  4. Remove certbot-auto and any Certbot OS packages

    If you have any Certbot packages installed using an OS package manager like aptdnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbotsudo dnf remove certbot, or sudo yum remove certbot. If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here.

  5. Install Certbot

    Run this command on the command line on the machine to install Certbot.

    sudo snap install --classic certbot
  6. Prepare the Certbot command

    Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

    sudo ln -s /snap/bin/certbot /usr/bin/certbot
  7. Choose how you'd like to run Certbot

    Either get and install your certificates...

    Run this command to get a certificate and have Certbot edit your apache configuration automatically to serve it, turning on HTTPS access in a single step.

    sudo certbot --apache

    Or, just get a certificate

    If you're feeling more conservative and would like to make the changes to your apache configuration by hand, run this command.

    sudo certbot certonly --apache
  8. Test automatic renewal

    The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

    sudo certbot renew --dry-run

    The command to renew certbot is installed in one of the following locations:

    • /etc/crontab/
    • /etc/cron.*/*
    • systemctl list-timers
  9. Confirm that Certbot worked

    To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar.




Para renovar un certificado SSL utilizando Certbot, puedes simplemente ejecutar el siguiente comando:

# sudo certbot renew


HELP.

  • "sudo": Es un comando de Unix/Linux que se utiliza para ejecutar otros comandos con privilegios de administrador.
  • "certbot": Es una herramienta de gestión de certificados SSL, comúnmente utilizada con el servidor web Apache o Nginx, que simplifica el proceso de adquisición, instalación y renovación de certificados SSL/TLS gratuitos de Let's Encrypt.
  • "renew": Es un subcomando de Certbot que se utiliza para renovar los certificados SSL existentes antes de que expiren.
  • "--dry-run": Es una opción que se puede agregar al comando renew para simular el proceso de renovación sin realizar ningún cambio real en los certificados ni en la configuración del servidor. Esto es útil para probar el proceso de renovación sin afectar el funcionamiento del sitio web en producción.




  • Comentarios

    Entradas populares