Difference between revisions of "Obtaining a Digital Certificate from Lets Encrypt"

Latest revision as of 07:10, 26 April 2022

[Figure: The Let's Encrypt Website]

Much of this information is sourced from: https://letsencrypt.org/getting-started/

Pre-requisites

Before starting, ensure that you have an A record pointing to the IP address of your server. To verify that you have met this prerequisite, you should be able to SSH to the server from your local machine. For example, the following should succeed:

ssh -i pemkey.pem ubuntu@[yourdomain-name-goes-here.com]

I will also assume that you are running the Apache web server and that it is currently reachable. You could check with a web browser, or from the CLI you could run:

wget http://[yourdomain-name-goes-here.com]

If these tests fail, go back to the Amazon EC2 server lab and the DNS lab and make sure these tests work before you proceed. Check that the firewall (security group) of your Amazon machine has ports 22, 80 and 443 open.

Obtaining your digital certificate from Let's Encrypt

For testing purposes you should have TCP ports 22, 80 and 443 open through the firewall. Once you have tested that your website is working over HTTP (port 80), it is time to get a certificate and enable HTTPS (port 443). Go to:

https://certbot.eff.org/

Select I'm using "Apache" on "Ubuntu 20.04". This will provide you with the instructions, which I have reproduced below. These instructions add additional package sources that will allow your Ubuntu instance to download the correct packages.

Install snapd

sudo snap install core
sudo snap refresh core

Remove certbot-auto and any Certbot OS packages

sudo apt remove certbot

If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here.

Install Certbot

sudo snap install --classic certbot

Execute the following on the command line of the machine so that the certbot command can be run from anywhere, then run Certbot with the Apache plugin:

sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache

You should not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

To confirm that your site is set up properly, visit your website in your browser and look for the lock icon. Click on the lock icon to see if you can tell who issued the certificate.
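As an added example (not part of the original wiki page), the two checks the page does by hand, the A record prerequisite and reading the issuer behind the lock icon, done from the CLI instead. It assumes dig and openssl are installed; the domain and the address 203.0.113.10 are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: CLI versions of the two checks the
# page does by hand (A record before issuance, issuer behind the lock icon
# after). Assumes dig and openssl are installed; the domain and 203.0.113.10
# are placeholders.

# a_record_ok EXPECTED_IP "DIG_OUTPUT": succeed only if EXPECTED_IP is one of
# the A records in the output of `dig +short A domain` (CNAME lines skipped).
a_record_ok() {
    printf '%s\n' "$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | grep -qxF "$1"
}

# cert_fields: read `openssl x509 -noout -subject -issuer -enddate` output on
# stdin, print "subject CN|issuer O|notAfter" (handles "CN = x" and "/CN=x").
cert_fields() {
    cn=""; org=""; end=""
    while IFS= read -r line; do
        case "$line" in
            subject=*)  cn=$(printf '%s\n' "$line" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p') ;;
            issuer=*)   org=$(printf '%s\n' "$line" | sed -n 's/.*O *= *\([^,/]*\).*/\1/p') ;;
            notAfter=*) end="${line#notAfter=}" ;;
        esac
    done
    printf '%s|%s|%s\n' "$cn" "$org" "$end"
}

# check_site DOMAIN EXPECTED_IP: run both checks against the live host and
# also warn if the certificate expires within 30 days (certbot's own renewal
# window), which would mean the renewal timer is not doing its job.
check_site() {
    d="$1"
    a_record_ok "$2" "$(dig +short A "$d")" || { echo "A record for $d is not $2"; return 1; }
    pem=$(openssl s_client -servername "$d" -connect "$d:443" </dev/null 2>/dev/null)
    fields=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -enddate | cert_fields)
    echo "certificate: $fields"
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 2592000 || echo "renew soon"
    case "$fields" in "$d|Let's Encrypt|"*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample output (not captured from a real host) for trying the
# parsers offline.
SAMPLE_DIG="alias.yourdomain-name-goes-here.com.
203.0.113.10"
SAMPLE_X509="subject=CN = yourdomain-name-goes-here.com
issuer=C = US, O = Let's Encrypt, CN = R3
notAfter=Jul 25 06:10:00 2022 GMT"
```

Run `check_site yourdomain-name-goes-here.com <your-elastic-ip>` on the server after `sudo certbot --apache` finishes; a non-zero exit means either DNS or the served certificate is not what you expect.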