Difference between revisions of "Obtaining a Digital Certificate from Lets Encrypt"

Line 1: Line 1:
 
[[File:lets_encrypt.png|right|thumb|x450px|alt=The Let's Encrypt Website|The Let's Encrypt Website]]
 
[[File:lets_encrypt.png|right|thumb|x450px|alt=The Let's Encrypt Website|The Let's Encrypt Website]]
 
Much of this information is sourced from: https://letsencrypt.org/getting-started/
 
Much of this information is sourced from: https://letsencrypt.org/getting-started/
 +
 +
== Pre-requisites ==
  
 
Before starting to ensure that you have an A record pointing to the IP address of your server. To verify that you have met this prerequisite, you should be able to ssh from your local machine. For example, the following should be successful
 
Before starting to ensure that you have an A record pointing to the IP address of your server. To verify that you have met this prerequisite, you should be able to ssh from your local machine. For example, the following should be successful
Line 11: Line 13:
  
 
If these tests fail, go back to the Amazon EC2 server lab and the DNS lab and make sure these tests work before you proceed.
 
If these tests fail, go back to the Amazon EC2 server lab and the DNS lab and make sure these tests work before you proceed.
 +
 +
== Obtaining your digital certificate from Let's Encrypt ==
  
 
You should, for testing purposes have TCP port 22, 80 and 443 available through the firewall. Once you have tested that your website is working over HTTP (port 80), it is time to get a certificate and enable it over HTTPS (port 443). Go to:  
 
You should, for testing purposes have TCP port 22, 80 and 443 available through the firewall. Once you have tested that your website is working over HTTP (port 80), it is time to get a certificate and enable it over HTTPS (port 443). Go to:  

Revision as of 04:28, 24 April 2020

The Let's Encrypt Website

Much of this information is sourced from: https://letsencrypt.org/getting-started/

Pre-requisites

Before starting, ensure that you have an A record pointing to the IP address of your server. To verify that you have met this prerequisite, you should be able to ssh to the server from your local machine. For example, the following should be successful:

 ssh ubuntu@[yourdomain-name-goes-here.com]

I will also assume that you are running the Apache web server and can currently reach it. To check, you could use a web browser, or from the CLI you could run:

 wget http://[yourdomain-name-goes-here.com]

If these tests fail, go back to the Amazon EC2 server lab and the DNS lab and make sure these tests work before you proceed.

Obtaining your digital certificate from Let's Encrypt

For testing purposes, you should have TCP ports 22, 80 and 443 open through the firewall. Once you have tested that your website is working over HTTP (port 80), it is time to get a certificate and enable the site over HTTPS (port 443). Go to:

https://certbot.eff.org/

Select I'm using "Apache" on "Ubuntu 18.04". This will provide you with the instructions, which I have reproduced below. These instructions add the additional repositories that allow your Ubuntu instance to download the correct packages.

 sudo apt-get update
 sudo apt-get install software-properties-common
 sudo add-apt-repository universe
 sudo add-apt-repository ppa:certbot/certbot
 sudo apt-get update

Then install certbot:

 sudo apt-get install certbot python-certbot-apache

Then run certbot with the Apache plugin, which obtains the certificate and configures Apache to use it:

 sudo certbot --apache

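Follow the prompts. After you finish, you can test your site over HTTPS.

If you are happy with this, consider turning on auto renewal. The following command tests the renewal process without replacing your certificate:

 sudo certbot renew --dry-run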
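
To confirm later that renewal is keeping up, the following added example (not part of the original page or of certbot) reports how many days remain on the certificate a site serves. The function names, the constructed sample dates used to try it, and the 30-day threshold (the window in which certbot renew attempts renewal by default) are assumptions; it needs openssl and GNU date, as found on Ubuntu.

```bash
#!/bin/sh
# Added example: check how long the served certificate has left.
# Function names are hypothetical; requires openssl and GNU date.

# Print the "notAfter=..." line of the certificate HOST serves on port 443.
cert_enddate() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

# days_left "notAfter=<date>" [now_epoch] -> whole days until expiry,
# rounded down, so a certificate that expired an hour ago gives -1.
# now_epoch defaults to the current time.
days_left() {
    dl_end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    dl_now=${2:-$(date -u +%s)}
    dl_secs=$(( dl_end - dl_now ))
    if [ "$dl_secs" -lt 0 ]; then
        dl_secs=$(( dl_secs - 86399 ))   # floor instead of truncating toward 0
    fi
    echo $(( dl_secs / 86400 ))
}

# renewal_status DAYS [THRESHOLD] -> ok | renewal-due | expired
# THRESHOLD defaults to 30 days (assumed: certbot's default renewal window).
renewal_status() {
    if [ "$1" -lt 0 ]; then
        echo expired
    elif [ "$1" -lt "${2:-30}" ]; then
        echo renewal-due
    else
        echo ok
    fi
}

# Live check when a host name is given, e.g.: sh certcheck.sh your-domain
if [ -n "${1:-}" ]; then
    enddate=$(cert_enddate "$1") || {
        echo "could not read a certificate from $1:443" >&2
        exit 1
    }
    days=$(days_left "$enddate")
    echo "$1: $days days left ($(renewal_status "$days"))"
fi
```

A result of renewal-due that persists for more than a day or two suggests the scheduled renewal is not running or is failing.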