Friday, November 22, 2019

Free SSL Certificate with getssl and letsencrypt.org in Ubuntu.

Thanks to Let's Encrypt, the first non-profit CA. It's great.
This tutorial just shows how to use the getssl command to get a free SSL certificate from letsencrypt.org in Ubuntu.

getssl needs nslookup, so we have to install it first:
sudo apt-get install dnsutils
Install getssl into the current directory with the command below:
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl

getssl saves its settings in the HOME folder. We can export HOME to save them to another folder (ex: the /acme folder).
mkdir /acme
export HOME=/acme

Create the config for your domain (ex: domain is etrader.ddns.net), running getssl from the directory it was downloaded to:
./getssl -c etrader.ddns.net
It will create the config for your domain in $HOME/.getssl/[domain]/getssl.cfg
You have to modify this file by adding the settings below:
CA="https://acme-v02.api.letsencrypt.org/directory"
ACL=('/var/www/html/.well-known/acme-challenge')
USE_SINGLE_ACL="true"
RELOAD_CMD="systemctl restart apache2"

Get the free certificate:
./getssl etrader.ddns.net
It will create the private key and download the certificate to $HOME/.getssl/[domain]/
Private key: $HOME/.getssl/[domain]/[domain].key
Certificate: $HOME/.getssl/[domain]/[domain].crt

In the apache2 configuration, point to these files like this:
SSLEngine on
SSLCertificateFile    /acme/.getssl/etrader.ddns.net/etrader.ddns.net.crt
SSLCertificateKeyFile /acme/.getssl/etrader.ddns.net/etrader.ddns.net.key


Restart apache2 for the change to take effect.
systemctl restart apache2

And test it
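
One way to check the files getssl wrote before relying on them, as an added example that is not part of the original post: it confirms the private key is not accessible to group or others, that the certificate matches the key, and that the certificate is not about to expire. The function names and the 30-day default are assumptions; it expects GNU stat and the openssl command line tool, as found on Ubuntu.

```shell
#!/bin/sh
# Added example: post-issuance checks on the files getssl writes.
# Layout taken from the tutorial: $HOME/.getssl/<domain>/<domain>.crt and .key
# Function names are hypothetical. Assumes GNU stat and the openssl CLI (Ubuntu).

# 0 if the file grants nothing to group/others, 1 if it does, 2 if unreadable.
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 if the certificate's public key equals the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# usage: check_getssl_output <domain> [min_days_left]   (default: 30 days)
check_getssl_output() {
    crt="$HOME/.getssl/$1/$1.crt"
    key="$HOME/.getssl/$1/$1.key"
    days="${2:-30}"
    rc=0
    key_is_private "$key" || { echo "FAIL: $key missing or accessible to group/others"; rc=1; }
    cert_matches_key "$crt" "$key" || { echo "FAIL: $crt does not match $key"; rc=1; }
    cert_valid_for "$crt" "$days" || { echo "FAIL: $crt expires within $days days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 key is private, matches the certificate, valid > $days days"
    return "$rc"
}

# Run the checks when a domain is given, e.g.:  HOME=/acme sh check.sh etrader.ddns.net
if [ "$#" -gt 0 ]; then
    check_getssl_output "$@"
fi
```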
