Centos Apache configures Https For Websites Via Let’s Encrypt

I used https for my blog and tried Alibaba Cloud’s free certificate for a period of one year. I need to manually renew it after the expiration. Although Let’s Encrypt’s certificate period is only three months, considering that it can be automatically renewed, [iemblog] (https://www.iemblog.com) is still a free certificate of Let’s Encrypt.

Reference: certbot official tutorial

Centos Apache configures Https For Websites Via Let’s Encrypt

install certbot

sudo yum install certbot python2-certbot-apache

Get Started

Certbot has an Apache plugin, which is supported on many platforms, and automates certificate installation.

sudo certbot --apache

Run this command to get the certificate and let Certbot automatically edit the Apache configuration based on your input settings to avoid the cumbersome operation of human configuration. If you want to manually change the Certbot and Apache configuration, you can use the certonly subcommand:

sudo certbot --apache certonly

Bob Master C uses the first automatic configuration, the details are as follows:
Let's Encrypt Https Centos ApacheLet's Encrypt Https Centos Apache

As you can see from the actual use, the Certbot Apache plugin has a comprehensive set of https auto-configuration programs for Apache servers (including redirection and other features), which greatly simplifies the configuration process.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal runs the following:

certbot renew

if you’re setting up a cron or systemd job, we recommend running it twice per day (it won’t do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let’s Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.

According to the official advice of Let’s Encrypt, we can run the following command to perform an automatic renewal task.

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null

Let's Encrypt Https Centos Apache

Special Note:
As long as all the intra-site links in the current webpage are accessed through the https form, there will be a lock icon in the browser website information, indicating that the connection is completely encrypted, otherwise the content will be unsafe.
0 0 vote
Article Rating
赞(1) 打赏
未经允许不得转载:iemblog » Centos Apache configures Https For Websites Via Let’s Encrypt
Notify of
Inline Feedbacks
View all comments





Would love your thoughts, please comment.x