As a test, I will install Let’s Encrypt, which issues free SSL certificates valid for 90 days and can re-issue them automatically.
Let’s say that Apache2 is installed on Ubuntu Server and there is one site, for which we created the configuration file /etc/apache2/sites-available/test.conf and enabled it:
sudo a2ensite test
sudo service apache2 restart
See the configuration example in my article – Installing and Configuring the Apache2 Web Server
The site is served over HTTP on port 80. Now we start installing Let’s Encrypt:
sudo apt-get update
sudo apt-get install git
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Let’s move to the directory with Let’s Encrypt and ask for a certificate for the site:
cd /opt/letsencrypt
sudo ./letsencrypt-auto --apache -d ixnfo.com
You can also request a certificate that covers the www subdomain as well:
sudo ./letsencrypt-auto --apache -d ixnfo.com -d www.ixnfo.com
To obtain a certificate, the site must be reachable from the Internet by its domain name on port 80.
For resources inside the network that have only a private (gray) IP address, you cannot get a certificate.
After receiving the certificate, another configuration file /etc/apache2/sites-available/test-le-ssl.conf was created and activated with the following contents:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ixnfo.com
    DocumentRoot /var/www/ixnfo/
    <Directory /var/www/ixnfo>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/ixnfo.error.log
    CustomLog /var/log/ixnfo.access.log combined
    SSLCertificateFile /etc/letsencrypt/live/ixnfo.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ixnfo.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/ixnfo.com/chain.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Because I agreed to redirect HTTP requests to HTTPS while obtaining the certificate, the following was added at the end of my configuration file /etc/apache2/sites-available/test.conf:
RewriteEngine on
RewriteCond %{SERVER_NAME} =ixnfo.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
After the certificate expires, you can update it with the command:
sudo /opt/letsencrypt/letsencrypt-auto renew
You can also add a command to Cron for automatic updates, see my article – Using and configuring CRON
Example of adding to Cron (every Monday at 3:15):
sudo crontab -e
15 3 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log
If the certificate is not yet due for renewal and the renew command is executed, nothing happens:
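Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem expires on 2018-08-01 (skipped)
No renewals were attempted.
-------------------------------------------------------------------------------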
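An added example, not part of the original article: because the cron job appends every run to /var/log/letsencrypt-renew.log, the last expiry date logged for each certificate shows whether renewals are still happening. The script assumes GNU date and the "expires on YYYY-MM-DD (skipped)" line format shown above; the function names, the sample log and the 14-day threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU date (Ubuntu)
# and the "expires on YYYY-MM-DD (skipped)" line format shown above.

# Constructed sample: two appended cron runs. example.com was renewed between
# them; stale.example.com never appears again with a newer expiry date.
sample_log() {
cat <<'EOF'
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem expires on 2018-05-25 (skipped)
  /etc/letsencrypt/live/stale.example.com/fullchain.pem expires on 2018-06-10 (skipped)
No renewals were attempted.
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem expires on 2018-08-01 (skipped)
No renewals were attempted.
EOF
}

# days_between FROM TO: whole days from FROM to TO (both YYYY-MM-DD).
days_between() {
    from=$(date -u -d "$1 00:00:00" +%s) || return 2
    to=$(date -u -d "$2 00:00:00" +%s) || return 2
    echo $(( (to - from) / 86400 ))
}

# stale_certs TODAY MIN_DAYS < renew-log
# Keeps only the most recently logged expiry date per certificate path, then
# prints "path days_left" for every certificate with fewer than MIN_DAYS left.
stale_certs() {
    today=$1
    min_days=$2
    awk '/ expires on [0-9-]+ \(skipped\)$/ { last[$1] = $4 }
         END { for (p in last) print p, last[p] }' | sort |
    while read -r path expiry; do
        left=$(days_between "$today" "$expiry") || continue
        if [ "$left" -lt "$min_days" ]; then
            echo "$path $left"
        fi
    done
}

# Run on the constructed sample. On a real server, for example:
#   stale_certs "$(date +%F)" 14 < /var/log/letsencrypt-renew.log
sample_log | stale_certs 2018-06-01 14
# prints: /etc/letsencrypt/live/stale.example.com/fullchain.pem 9
```

Any output means the newest logged expiry date for that certificate is closer than the threshold, so either the cron job has stopped running or its renewals are failing.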
See also:
Installing Certbot in Ubuntu