I used https for my blog and tried Alibaba Cloud’s free certificate for a period of one year. I need to manually renew it after the expiration. Although Let’s Encrypt’s certificate period is only three months, considering that it can be automatically renewed, [iemblog] (https://www.iemblog.com) is still a free certificate of Let’s Encrypt.
Reference: certbot official tutorial
Centos Apache configures Https For Websites Via Let’s Encrypt
install certbot
sudo yum install certbot python2-certbot-apache
Get Started
Certbot has an Apache plugin, which is supported on many platforms, and automates certificate installation.
sudo certbot --apache
Run this command to get the certificate and let Certbot automatically edit the Apache configuration based on your input settings to avoid the cumbersome operation of human configuration. If you want to manually change the Certbot and Apache configuration, you can use the certonly subcommand:
sudo certbot --apache certonly
Bob Master C uses the first automatic configuration, the details are as follows:
As you can see from the actual use, the Certbot Apache plugin has a comprehensive set of https auto-configuration programs for Apache servers (including redirection and other features), which greatly simplifies the configuration process.
Automating renewal
Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal runs the following:
certbot renew
Note:
if you’re setting up a cron or systemd job, we recommend running it twice per day (it won’t do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let’s Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.
According to the official advice of Let’s Encrypt, we can run the following command to perform an automatic renewal task.
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
As long as all the intra-site links in the current webpage are accessed through the https form, there will be a lock icon in the browser website information, indicating that the connection is completely encrypted, otherwise the content will be unsafe.
