Tag: letsencrypt – ServerOK

Lego – LetsEncrypt client

Posted on August 29, 2021 (August 29, 2021) by ServerOk

Lego is a Let’s Encrypt client and ACME library written in Go. https://github.com/go-acme/lego Install Lego To install go to the release page, download the latest version.

cd /tmp
wget https://github.com/go-acme/lego/releases/download/v4.4.0/lego_v4.4.0_linux_amd64.tar.gz
tar xvf lego_v4.4.0_linux_amd64.tar.gz
mv lego /usr/bin
rm -f lego_v4.4.0_linux_amd64.tar.gz CHANGELOG.md LICENSE

cd /tmp

wget https://github.com/go-acme/lego/releases/download/v4.4.0/lego_v4.4.0_linux_amd64.tar.gz

tar xvf lego_v4.4.0_linux_amd64.tar.gz

mv lego /usr/bin

rm -f lego_v4.4.0_linux_amd64.tar.gz CHANGELOG.md LICENSE

Create SSL certificate To create an SSL certificate, run

lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/var/lego" run

1	lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/var/lego" run

Renew SSL certificate To renew the SSL certificate, stop the webserver

systemctl stop nginx
systemctl stop apache2

1 2	systemctl stop nginx systemctl stop apache2

Now run

lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/var/lego" renew --days 90

1	lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/var/lego" renew --days 90

Start webserver after […]

Install LetsEncrypt in CentOS 7

Posted on January 10, 2021 (January 10, 2021) by ServerOk

certbot deprecated support for CentOS 7, so new version of certbot-auto script won’t work on CentOS 7. To install certbot (letsencrypt command line tool), run

yum install -y epel-release 
yum install -y python2-certbot.noarch

1 2	yum install -y epel-release yum install -y python2-certbot.noarch

To run it, use command

/usr/bin/certbot-2

1	/usr/bin/certbot-2

See LetsEncrypt […]

Change Email address of LetsEncrypt SSL

Posted on November 28, 2020 by ServerOk

To change email address of LetsEncrypt SSL certficate account, run

certbot update_account --email you@your-domain.com

1	certbot update_account --email you@your-domain.com

See LetsEncrypt […]

Delete LetsEncrypt SSL certficate

Posted on November 26, 2020 (November 26, 2020) by ServerOk

To list all available LetsEncrypt SSL certficates, run

certbot certificates

1	certbot certificates

To delete a certificate, run

certbot delete --cert-name NAME_OF_SSL_CERT

1	certbot delete --cert-name NAME_OF_SSL_CERT

You can find NAME_OF_SSL_CERT from command “certbot certificates”. See LetsEncrypt […]

LetsEncrypt SSL On Nginx Password Protected site

Posted on August 11, 2020 (December 17, 2020) by ServerOk

When you develop a web site, you will need it password protected so others won’t see or you don’t want google to index the web pages while you are working on it. To password protect a web site in nginx, see Nginx Password Protect a website If you password protect a web site and try […]

Install LetsEncrypt SSL on Bitnami

Posted on January 27, 2019 (September 12, 2021) by ServerOk

NOTE: bitnami provides a tool to install SSL, it is better to use the tool to install SSL. You can see more info on page How to install LetsEncrypt SSL on Bitnami WordPress Server To install LetsEncrypt SSL on bitnami wordpress server, install letsencrypt with

wget https://raw.githubusercontent.com/serverok/server-setup/master/install/letsencrypt.sh
sh ./letsencrypt.sh

1 2	wget https://raw.githubusercontent.com/serverok/server-setup/master/install/letsencrypt.sh sh ./letsencrypt.sh

Stop apache web server with

/opt/bitnami/ctlscript.sh stop apache

1	/opt/bitnami/ctlscript.sh stop apache

Now get SSL […]

Install SSL Certificate in Virtualmin

Posted on December 12, 2018 by ServerOk

To install SSL certificate in Virtualmin, select the domain from drop down list of Virtualmin. On left Menu, go to Server Configuration > SSL Certificate If you want to install Free LetsEncypt SSL, click on “Let’s Encrypt” link on top. On next page Click on “Request Certificate”. […]

Nginx Proxy SSL Verification

Posted on June 21, 2018 (February 7, 2019) by ServerOk

When using Nginx as reverse proxy, you may need to handle SSL verification request. Passing this request to backend server may not do any good as back end servers normally only handle application. To hanlde SSL validation request, use following Nginx Configuration

server {
    listen 80;
    server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.1.2.1:4200;
    }
}

server {

listen 80;

server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;

location ^~ /.well-known/acme-challenge/ {

root /var/www/html;

}

location / {

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header Host $host;

proxy_pass http://127.1.2.1:4200;

}

Now restart Nginx

service nginx restart

1	service nginx restart

You can get SSL with following letsencrypt command […]

certbot certificates

Posted on February 24, 2018 by ServerOk

To list all letsencrypt SSL certificates, run

certbot certificates

1	certbot certificates

Example

root@ok:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/boby.hosthat.com/cert.pem is unknown

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: boby.hosthat.com
    Domains: boby.hosthat.com
    Expiry Date: 2017-06-11 15:10:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/boby.hosthat.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/boby.hosthat.com/privkey.pem
  Certificate Name: img.serverok.in
    Domains: img.serverok.in
    Expiry Date: 2018-05-02 16:06:53+00:00 (VALID: 66 days)
    Certificate Path: /etc/letsencrypt/live/img.serverok.in/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/img.serverok.in/privkey.pem
  Certificate Name: lab.hostonnet.com
    Domains: lab.hostonnet.com
    Expiry Date: 2018-04-25 03:34:37+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/lab.hostonnet.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/lab.hostonnet.com/privkey.pem
  Certificate Name: yboby.cf
    Domains: yboby.cf www.yboby.cf
    Expiry Date: 2018-03-21 19:43:49+00:00 (VALID: 25 days)
    Certificate Path: /etc/letsencrypt/live/yboby.cf/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yboby.cf/privkey.pem
-------------------------------------------------------------------------------
root@ok:~#

root@ok:~# certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Revocation status for /etc/letsencrypt/live/boby.hosthat.com/cert.pem is unknown

-------------------------------------------------------------------------------

Found the following certs:

Certificate Name: boby.hosthat.com

Domains: boby.hosthat.com

Expiry Date: 2017-06-11 15:10:00+00:00 (INVALID: EXPIRED)

Certificate Path: /etc/letsencrypt/live/boby.hosthat.com/fullchain.pem

Private Key Path: /etc/letsencrypt/live/boby.hosthat.com/privkey.pem

Certificate Name: img.serverok.in

Domains: img.serverok.in

Expiry Date: 2018-05-02 16:06:53+00:00 (VALID: 66 days)

Certificate Path: /etc/letsencrypt/live/img.serverok.in/fullchain.pem

Private Key Path: /etc/letsencrypt/live/img.serverok.in/privkey.pem

Certificate Name: lab.hostonnet.com

Domains: lab.hostonnet.com

Expiry Date: 2018-04-25 03:34:37+00:00 (VALID: 59 days)

Certificate Path: /etc/letsencrypt/live/lab.hostonnet.com/fullchain.pem

Private Key Path: /etc/letsencrypt/live/lab.hostonnet.com/privkey.pem

Certificate Name: yboby.cf

Domains: yboby.cf www.yboby.cf

Expiry Date: 2018-03-21 19:43:49+00:00 (VALID: 25 days)

Certificate Path: /etc/letsencrypt/live/yboby.cf/fullchain.pem

Private Key Path: /etc/letsencrypt/live/yboby.cf/privkey.pem

-------------------------------------------------------------------------------

root@ok:~#

letsencrypt […]

Enable LetsEncrypt SSL in ISPConfig

Posted on January 1, 2018 (January 1, 2018) by ServerOk

Login to ISPConfig at https://your-server-ip:8080 On main menu, click on “Sites”. It will show all available web sites on your server. Click on the domain on which you need LetsEncrypt SSL installed. On Next page, click the check boxes “SSL” and “LetsEncrypt”. Click “Save” button. In few minutes you will get SSL installed on your […]