Use the Certbot tool to quickly deploy the Let's Encrypt Free SSL certificate for the website

Source: Internet
Author: User
Tags vps free ssl free ssl certificate ssl certificate vps server certbot letsencrypt
Nowadays, more and more websites are using SSL certificates, not only on e-commerce websites and portals, but also on many personal websites and blogs, the old man is also considering whether to install the SSL certificate for his blog. He has been preparing to add it before, because this topic uses a lot of outdated directories and files which are manually added statically, therefore, it is troublesome to modify the settings.

 

The old left Blog (laozuo.org) also shares many installation articles on SSL certificates, and many merchants also provide free certificates, for example, Tencent Cloud provides a free one-year GeoTrust dv ssl certificate, and Let's Encrypt is permanently free but requires a 90-day activation and renewal. Of course, it is not very expensive to purchase a certificate, some even tens of dollars can be bought in a year.

 

For general websites, we can use a free SSL certificate. For example, if we use more Let's Encrypt certificates, we can manually deploy them according to the tutorial, as well as the old Left has shared the use of the ssl for free tool to automatically deploy to the VPS server, and cPanel panel virtual host. In this article, I am going to share with you the process of deploying the Let's Encrypt certificate using the Certbot tool.

 

1. Certbot official website and deployment version selection

 

The code is as follows: Copy code

Address: https://certbot.eff.org

 

 

Select the system and release version based on the actual project environment, and then jump to the installation wizard. The installation wizard is displayed.

 

 

Here we will deploy the service according to the Wizard. Here we will deploy it in the automatic mode. We hope everything goes well, because I am afraid to write the tutorial now, and some may even need to be adjusted for several days to complete it, maybe the IQ is not too high. This cannot be done, because it is born.

 

2. Deploying SSL using Certbot in Linux VPS

 

Here, my environment uses Nginx and the system uses CentOS6. I will select the corresponding one in the previous step and install it as prompted.

 

1. Automatic installation

 

The code is as follows: Copy code

Wget https://dl.eff.org/certbot-auto
Chmod a + x certbot-auto
./Certbot-auto

 

After the automatic installation is executed, the required environment components will be downloaded and installed. In short, we can execute the installation. If you need to install the required environment components, enter y and press enter.

 

2. Generate a domain name certificate

 

A-single domain name

 

The code is as follows: Copy code

./Certbot-auto certonly -- email admin@laobuluo.com -- agree-tos -- webroot-w/data/wwwroot/ssl.laobuluo.com-d ssl.laobuluo.com

 

B-multiple domain names

 

The code is as follows: Copy code

. /Certbot-auto certonly -- email admin@laobuluo.com -- agree-tos -- webroot-w/var/www/laozuo-d laozuo.org-d www.laozuo.org-w/var/www/laobuluo-d laobuluo.com- d www.laobuluo.com

 

For multi-domain names, refer to the above multi-domain name settings. Modify and adjust the domain name.

 

 

We will have a window popped up when generating the certificate, and it is estimated that the email address is not detected. Then, after entering the press enter OK manually, we can see that the certificate has been generated for 90 days, then, we will renew the service for another 90 days. We can also use an automatic script to automatically renew the subscription.

 

3. Find our website certificate

 

After the certificate is generated, you can see that the certificate is stored in the/etc/letsencrypt/live/ssl.laobuluo.com/directory. This document is different in our website. There are four files: cert. pem, chain. pem, fullchain. pem, and privkey. pem.

 

4. Deploy the SSL file to the website.

 

After obtaining the certificate, we will know the certificate path. Here we will not change the path, but directly adjust it in the Nginx configuration file or APACHE file of the website. For details, refer to this article, the old left was set at that time.

 

The code is as follows: Copy code

Ssl_certificate/etc/letsencrypt/live/ssl.laobuluo.com/fullchain.pem;
Ssl_certificate_key/etc/letsencrypt/live/ssl.laobuluo.com/privkey.pem;
Ssl_trusted_certificate/etc/letsencrypt/live/ssl.laobuluo.com/chain.pem;

 

Add port 443 to the Nginx site configuration file and set the SSL certificate file. Restart nginx to check whether the setting is successful. If an error occurs, a message is displayed. At the end of the work, do we need to redirect all non-HTTP requests to HTTPS.

 

Third, Let's Encrypt to renew the SSL certificate

 

The code is as follows: Copy code

./Certbot-auto renew -- dry-run

 

It will be automatically renewed after execution, but is it also troublesome? This is because you have to come again every 90 days and a few days ago. We can set it to timing.

 

To sum up, whatever method we use to install the free SSL certificate for Let's Encrypt, you only need to install it. This method is also relatively simple. I will organize a detailed deployment document for Nginx and Apache later, because the Certbot tool deployment described in this article, the delay is a little too long, so it's time to go to work.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.