Step 1:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Step 2:
./certbot-auto --nginx
Result:
[root@tutorialspots ~]# ./certbot-auto --nginx
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.nhanhoa.com
 * epel: epel.mirror.net.in
 * extras: mirror.pregi.net
 * remi-safe: remi.mirror.ate.info
 * updates: mirror.rise.ph
Package gcc-4.4.7-18.el6.x86_64 already installed and latest version
Package redhat-rpm-config-9.0.3-51.el6.centos.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.0.0-10.el6 will be installed
---> Package ca-certificates.noarch 0:2015.2.6-65.0.1.el6_7 will be updated
---> Package ca-certificates.noarch 0:2017.2.14-65.0.1.el6_9 will be an update
---> Package libffi-devel.x86_64 0:3.0.5-3.2.el6 will be installed
---> Package mod_ssl.x86_64 1:2.2.15-60.el6.centos.6 will be installed
--> Processing Dependency: httpd = 2.2.15-60.el6.centos.6 for package: 1:mod_ssl-2.2.15-60.el6.centos.6.x86_64
---> Package openssl.x86_64 0:1.0.1e-48.el6_8.1 will be updated
---> Package openssl.x86_64 0:1.0.1e-57.el6 will be an update
---> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be updated
---> Package openssl-devel.x86_64 0:1.0.1e-57.el6 will be an update
---> Package python.x86_64 0:2.6.6-64.el6 will be updated
---> Package python.x86_64 0:2.6.6-66.el6_8 will be an update
--> Processing Dependency: python-libs(x86-64) = 2.6.6-66.el6_8 for package: python-2.6.6-66.el6_8.x86_64
---> Package python-devel.x86_64 0:2.6.6-66.el6_8 will be installed
---> Package python-pip.noarch 0:7.1.0-1.el6 will be installed
---> Package python-tools.x86_64 0:2.6.6-66.el6_8 will be installed
--> Processing Dependency: tkinter = 2.6.6-66.el6_8 for package: python-tools-2.6.6-66.el6_8.x86_64
---> Package python-virtualenv.noarch 0:1.10.1-1.el6 will be installed
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be updated
--> Processing Dependency: httpd = 2.2.15-54.el6.centos for package: httpd-devel-2.2.15-54.el6.centos.x86_64
---> Package httpd.x86_64 0:2.2.15-60.el6.centos.6 will be an update
--> Processing Dependency: httpd-tools = 2.2.15-60.el6.centos.6 for package: httpd-2.2.15-60.el6.centos.6.x86_64
---> Package python-libs.x86_64 0:2.6.6-64.el6 will be updated
---> Package python-libs.x86_64 0:2.6.6-66.el6_8 will be an update
---> Package tkinter.x86_64 0:2.6.6-66.el6_8 will be installed
--> Processing Dependency: libTix.so()(64bit) for package: tkinter-2.6.6-66.el6_8.x86_64
--> Running transaction check
---> Package httpd-devel.x86_64 0:2.2.15-54.el6.centos will be updated
---> Package httpd-devel.x86_64 0:2.2.15-60.el6.centos.6 will be an update
---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be updated
---> Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.6 will be an update
---> Package tix.x86_64 1:8.4.3-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch     Version                    Repository   Size
================================================================================
Installing:
 augeas-libs         x86_64   1.0.0-10.el6               base         314 k
 libffi-devel        x86_64   3.0.5-3.2.el6              base          18 k
 mod_ssl             x86_64   1:2.2.15-60.el6.centos.6   updates       99 k
 python-devel        x86_64   2.6.6-66.el6_8             base         173 k
 python-pip          noarch   7.1.0-1.el6                epel         1.5 M
 python-tools        x86_64   2.6.6-66.el6_8             base         871 k
 python-virtualenv   noarch   1.10.1-1.el6               epel         1.3 M
Updating:
 ca-certificates     noarch   2017.2.14-65.0.1.el6_9     updates      1.3 M
 openssl             x86_64   1.0.1e-57.el6              base         1.5 M
 openssl-devel       x86_64   1.0.1e-57.el6              base         1.2 M
 python              x86_64   2.6.6-66.el6_8             base          76 k
Installing for dependencies:
 tix                 x86_64   1:8.4.3-5.el6              base         252 k
 tkinter             x86_64   2.6.6-66.el6_8             base         258 k
Updating for dependencies:
 httpd               x86_64   2.2.15-60.el6.centos.6     updates      836 k
 httpd-devel         x86_64   2.2.15-60.el6.centos.6     updates      158 k
 httpd-tools         x86_64   2.2.15-60.el6.centos.6     updates       80 k
 python-libs         x86_64   2.6.6-66.el6_8             base         5.3 M

Transaction Summary
================================================================================
Install       9 Package(s)
Upgrade       8 Package(s)

Total download size: 15 M
Is this ok [y/N]: y
Downloading Packages:
(1/17): augeas-libs-1.0.0-10.el6.x86_64.rpm | 314 kB 00:00
(2/17): ca-certificates-2017.2.14-65.0.1.el6_9.noarch.rp | 1.3 MB 00:00
(3/17): httpd-2.2.15-60.el6.centos.6.x86_64.rpm | 836 kB 00:00
(4/17): httpd-devel-2.2.15-60.el6.centos.6.x86_64.rpm | 158 kB 00:00
(5/17): httpd-tools-2.2.15-60.el6.centos.6.x86_64.rpm | 80 kB 00:00
(6/17): libffi-devel-3.0.5-3.2.el6.x86_64.rpm | 18 kB 00:00
(7/17): mod_ssl-2.2.15-60.el6.centos.6.x86_64.rpm | 99 kB 00:00
(8/17): openssl-1.0.1e-57.el6.x86_64.rpm | 1.5 MB 00:00
(9/17): openssl-devel-1.0.1e-57.el6.x86_64.rpm | 1.2 MB 00:00
(10/17): python-2.6.6-66.el6_8.x86_64.rpm | 76 kB 00:00
(11/17): python-devel-2.6.6-66.el6_8.x86_64.rpm | 173 kB 00:00
(12/17): python-libs-2.6.6-66.el6_8.x86_64.rpm | 5.3 MB 00:00
(13/17): python-pip-7.1.0-1.el6.noarch.rpm | 1.5 MB 00:01
(14/17): python-tools-2.6.6-66.el6_8.x86_64.rpm | 871 kB 00:00
(15/17): python-virtualenv-1.10.1-1.el6.noarch.rpm | 1.3 MB 00:01
(16/17): tix-8.4.3-5.el6.x86_64.rpm | 252 kB 00:00
(17/17): tkinter-2.6.6-66.el6_8.x86_64.rpm | 258 kB 00:00
--------------------------------------------------------------------------------
Total 950 kB/s | 15 MB 00:16
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating : ca-certificates-2017.2.14-65.0.1.el6_9.noarch 1/25
  Updating : openssl-1.0.1e-57.el6.x86_64 2/25
  Updating : python-libs-2.6.6-66.el6_8.x86_64 3/25
  Updating : python-2.6.6-66.el6_8.x86_64 4/25
  Installing : python-devel-2.6.6-66.el6_8.x86_64 5/25
  Updating : httpd-tools-2.2.15-60.el6.centos.6.x86_64 6/25
  Updating : httpd-2.2.15-60.el6.centos.6.x86_64 7/25
  Installing : 1:tix-8.4.3-5.el6.x86_64 8/25
  Installing : tkinter-2.6.6-66.el6_8.x86_64 9/25
  Installing : python-tools-2.6.6-66.el6_8.x86_64 10/25
  Updating : httpd-devel-2.2.15-60.el6.centos.6.x86_64 11/25
  Installing : 1:mod_ssl-2.2.15-60.el6.centos.6.x86_64 12/25
  Installing : python-virtualenv-1.10.1-1.el6.noarch 13/25
  Installing : python-pip-7.1.0-1.el6.noarch 14/25
  Updating : openssl-devel-1.0.1e-57.el6.x86_64 15/25
  Installing : augeas-libs-1.0.0-10.el6.x86_64 16/25
  Installing : libffi-devel-3.0.5-3.2.el6.x86_64 17/25
  Cleanup : httpd-devel-2.2.15-54.el6.centos.x86_64 18/25
  Cleanup : openssl-devel-1.0.1e-48.el6_8.1.x86_64 19/25
  Cleanup : httpd-2.2.15-54.el6.centos.x86_64 20/25
  Cleanup : httpd-tools-2.2.15-54.el6.centos.x86_64 21/25
  Cleanup : python-libs-2.6.6-64.el6.x86_64 22/25
  Cleanup : python-2.6.6-64.el6.x86_64 23/25
  Cleanup : openssl-1.0.1e-48.el6_8.1.x86_64 24/25
  Cleanup : ca-certificates-2015.2.6-65.0.1.el6_7.noarch 25/25
  Verifying : python-devel-2.6.6-66.el6_8.x86_64 1/25
  Verifying : python-2.6.6-66.el6_8.x86_64 2/25
  Verifying : libffi-devel-3.0.5-3.2.el6.x86_64 3/25
  Verifying : tkinter-2.6.6-66.el6_8.x86_64 4/25
  Verifying : 1:tix-8.4.3-5.el6.x86_64 5/25
  Verifying : python-pip-7.1.0-1.el6.noarch 6/25
  Verifying : httpd-tools-2.2.15-60.el6.centos.6.x86_64 7/25
  Verifying : openssl-devel-1.0.1e-57.el6.x86_64 8/25
  Verifying : httpd-2.2.15-60.el6.centos.6.x86_64 9/25
  Verifying : python-libs-2.6.6-66.el6_8.x86_64 10/25
  Verifying : httpd-devel-2.2.15-60.el6.centos.6.x86_64 11/25
  Verifying : augeas-libs-1.0.0-10.el6.x86_64 12/25
  Verifying : ca-certificates-2017.2.14-65.0.1.el6_9.noarch 13/25
  Verifying : python-tools-2.6.6-66.el6_8.x86_64 14/25
  Verifying : openssl-1.0.1e-57.el6.x86_64 15/25
  Verifying : python-virtualenv-1.10.1-1.el6.noarch 16/25
  Verifying : 1:mod_ssl-2.2.15-60.el6.centos.6.x86_64 17/25
  Verifying : python-libs-2.6.6-64.el6.x86_64 18/25
  Verifying : httpd-tools-2.2.15-54.el6.centos.x86_64 19/25
  Verifying : httpd-devel-2.2.15-54.el6.centos.x86_64 20/25
  Verifying : openssl-1.0.1e-48.el6_8.1.x86_64 21/25
  Verifying : python-2.6.6-64.el6.x86_64 22/25
  Verifying : ca-certificates-2015.2.6-65.0.1.el6_7.noarch 23/25
  Verifying : openssl-devel-1.0.1e-48.el6_8.1.x86_64 24/25
  Verifying : httpd-2.2.15-54.el6.centos.x86_64 25/25

Installed:
  augeas-libs.x86_64 0:1.0.0-10.el6
  libffi-devel.x86_64 0:3.0.5-3.2.el6
  mod_ssl.x86_64 1:2.2.15-60.el6.centos.6
  python-devel.x86_64 0:2.6.6-66.el6_8
  python-pip.noarch 0:7.1.0-1.el6
  python-tools.x86_64 0:2.6.6-66.el6_8
  python-virtualenv.noarch 0:1.10.1-1.el6

Dependency Installed:
  tix.x86_64 1:8.4.3-5.el6
  tkinter.x86_64 0:2.6.6-66.el6_8

Updated:
  ca-certificates.noarch 0:2017.2.14-65.0.1.el6_9
  openssl.x86_64 0:1.0.1e-57.el6
  openssl-devel.x86_64 0:1.0.1e-57.el6
  python.x86_64 0:2.6.6-66.el6_8

Dependency Updated:
  httpd.x86_64 0:2.2.15-60.el6.centos.6
  httpd-devel.x86_64 0:2.2.15-60.el6.centos.6
  httpd-tools.x86_64 0:2.2.15-60.el6.centos.6
  python-libs.x86_64 0:2.6.6-66.el6_8

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): tutorialspots@gmail.com
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: demodomain.com
2: www.demodomain.com
3: demodomain.xyz
4: ws.demodomain.xyz
5: www.demodomain.xyz
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ws.gochat.xyz
Waiting for verification...
Cleaning up challenges
Deployed Certificate to VirtualHost /etc/nginx/conf.d/demodomain.xyz.conf for set(['ws.gochat.xyz'])

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://ws.demodomain.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ws.demodomain.xyz
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ws.gochat.xyz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ws.gochat.xyz/privkey.pem
   Your cert will expire on 2018-02-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
To renew automatically: Let's Encrypt certificates are valid for 90 days, so they must be renewed.
To test:
./certbot-auto renew --dry-run
Result:
[root@tutorialspots ~]# ./certbot-auto renew --dry-run
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ws.tutorialspots.xyz.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for ws.tutorialspots.xyz
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/ws.tutorialspots.xyz/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ws.tutorialspots.xyz/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
You can use crond to run the command below twice per day:
./path/to/certbot-auto renew
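A renewal job run from cron can fail without anyone noticing until the certificate expires, so the wrapper below (an added example, not part of the original tutorial or of Certbot) runs the renewal and then reports every certificate under /etc/letsencrypt/live that has fewer than WARN_DAYS days left. The script paths, the --cron switch and the 20-day threshold are assumptions; it needs GNU date and openssl.

```shell
#!/bin/sh
# Added example (not from the original page): cron wrapper for "certbot-auto renew"
# that also flags certificates a failed renewal has left close to expiry.
# Certbot renews at under 30 days left, so under WARN_DAYS means renewals are failing.
CERTBOT=${CERTBOT:-/root/certbot-auto}        # assumed location of the script from Step 1
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}   # directory shown in the certbot output
WARN_DAYS=${WARN_DAYS:-20}                    # assumed alert threshold, in days

# days_left NOT_AFTER [NOW_EPOCH]: whole days from now until the notAfter date.
days_left() {
    [ -n "$1" ] || return 2
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# cert_not_after PEM: notAfter date of the first certificate in PEM.
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//'
}

# check_certs [NOW_EPOCH]: list certificates with fewer than WARN_DAYS left.
# Returns 1 if any certificate is expiring or unreadable, 0 otherwise.
check_certs() {
    rc=0
    for pem in "$LIVE_DIR"/*/fullchain.pem; do
        [ -f "$pem" ] || continue
        if ! left=$(days_left "$(cert_not_after "$pem")" "${1:-}"); then
            echo "UNREADABLE $pem"; rc=1; continue
        fi
        if [ "$left" -lt "$WARN_DAYS" ]; then
            echo "EXPIRING $pem (${left} days left)"; rc=1
        fi
    done
    return "$rc"
}

# Run from cron, e.g. (hypothetical install path):
#   17 3,15 * * * /usr/local/sbin/certbot-renew-check.sh --cron
if [ "${1:-}" = "--cron" ]; then
    "$CERTBOT" renew --quiet || echo "certbot-auto renew exited non-zero"
    check_certs || exit 1
fi
```

Anything the script prints is mailed by crond to the job's owner, so a quiet run means every certificate still has at least WARN_DAYS days of validity.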
https://certbot.eff.org/#centos6-nginx