{"id":1289,"date":"2015-06-09T17:57:15","date_gmt":"2015-06-09T15:57:15","guid":{"rendered":"http:\/\/blog.rabahi.net\/?page_id=1289"},"modified":"2016-10-08T15:30:12","modified_gmt":"2016-10-08T13:30:12","slug":"apache-ssl-using-lets-encrypt","status":"publish","type":"page","link":"https:\/\/blog.rabahi.net\/?page_id=1289","title":{"rendered":"Apache SSL using lets-encrypt"},"content":{"rendered":"

Let’s Encrypt is a certificate authority that launched on April 12, 2016[1][2] that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.
\nWikipedia<\/a><\/p>\n

Installation<\/h1>\n
\r\n# get certbot client:\r\nyum -y install python-certbot-apache\r\n\r\n# install certificate\r\ncerbot --apache -d MYDOMAIN.COM -d www.MYDOMAIN.COM\r\n\r\n# restart httpd:\r\nsystemctl httpd restart\r\n\r\n# open https port (i.e. 443) in the firewall :\r\necho \"add service http (port 443) to firewall\"\r\nfirewall-cmd --permanent --add-service https\r\n \r\necho \"reload firewall-cmd\"\r\nfirewall-cmd --reload\r\n<\/pre>\n
Renew<\/h1>\n
Finally, add a crontab to renew automatically certificate every week.
\nIn crontab add the followings :<\/p>\n
# every sunday a 2:30 am\r\n30 2 * * 6 \/usr\/bin\/certbot renew >> \/var\/log\/ssl-renew.log\r\n<\/pre>\n
How to check my certificate status ?<\/h1>\n
You can check your certificate status here : <\/p>\n
\r\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=MYDOMAIN.COM&latest\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Let’s Encrypt is a certificate authority that launched on April 12, 2016[1][2] that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. Wikipedia Installation # get certbot client: yum -y […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":484,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-1289","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/1289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1289"}],"version-history":[{"count":20,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/1289\/revisions"}],"predecessor-version":[{"id":1682,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/1289\/revisions\/1682"}],"up":[{"embeddable":true,"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=\/wp\/v2\/pages\/484"}],"wp:attachment":[{"href":"https:\/\/blog.rabahi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}