You are here: CMS Wiki>SysAdmin Web>SSLCertificates (2020-04-30, DavidLeBlanc)Edit Attach
LetsEncrypt is an easy, free way to have X.509 (SSL) Certificates on a web server. Rather than install the certificate files manually, they provide a handy utility that will download a cert, configure Apache, and install the certificate on an ongoing basis.
  1. Install Certbot

    Run this command on the command line on the machine to install Certbot.

    sudo zypper install certbot python-certbot-apache
  2. Choose how you'd like to run Certbot
    • Either get and install your certificates...

      Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

      sudo certbot --apache
    • Or, just get a certificate

      If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

      sudo certbot certonly --apache
  3. Set up automatic renewal

    We recommend running the following line, which will add a cron job to the default crontab.

    echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
  4. Confirm that Certbot worked

    To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.

Canit HTTPS certs

In case of emergency, and the SSL cert doesn't work when pasted below:
  1. SSH as root to the Web server
  2. Enter: cd /usr/share/canit/certs
  3. Enter: rm -f canit-appliance.???
  4. Enter: cp -a dummy-selfsigned-cert.crt canit-appliance.crt
  5. Enter: cp -a dummy-selfsigned-cert.key canit-appliance.key
  6. Enter: /etc/init.d/apache2 restart
-- DavidLeBlanc
Edit  | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 2020-04-30, DavidLeBlanc
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding CMS Wiki? Send feedback