Differences

This shows you the differences between two versions of the page.

--- install_letsencrypt_certbot_apache2_ubuntu_server_22_04 [2023/06/22 15:09] – wikiadmin
+++ install_letsencrypt_certbot_apache2_ubuntu_server_22_04 [2023/06/22 15:48] (current) – wikiadmin
@@ Line 2: / Line 2: @@
 If you have Certbot installed and it is not being detected, then purge it.
+Go Here to: [[remove_letsencrypt_certbot_re_install|Remove LetsEncrypt Certbot in Order to Properly Re-Install Certbot]]
 Reinstalling Certbot properly.
@@ Line 142: / Line 144: @@
 certbot 1.21.0
 </code>
+<code>
+Get the Let’s Encrypt SSL certificate
+To get the SSL certificate using the Certbot, type the command given below:
+$ sudo certbot --apache
+You will be asked to provide your valid email address and accept the term of service:
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+Enter email address (used for urgent renewal and security notices)
+ (Enter 'c' to cancel): admin@your-domain.com
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Please read the Terms of Service at
+https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
+agree in order to register with the ACME server. Do you agree?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: Y
+Next, you’ll be asked if you want to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write N.
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Would you be willing, once your first certificate is successfully issued, to
+share your email address with the Electronic Frontier Foundation, a founding
+partner of the Let's Encrypt project and the non-profit organization that
+develops Certbot? We'd like to send you email about our work encrypting the web,
+EFF news, campaigns, and ways to support digital freedom.
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: N
+Next, you will be asked to select the domain on which you want to install the Let’s Encrypt SSL:
+Account registered.
+Which names would you like to activate HTTPS for?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+: your-domain.com
+: www.your-domain.com
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Select the appropriate numbers separated by commas and/or spaces, or leave input
+blank to select all options shown (Enter 'c' to cancel):
+If the SSL certificate is successfully obtained, certbot displays a message to show the configuration was successful:
+IMPORTANT NOTES:
+ - Congratulations! Your certificate and chain have been saved at:
+   /etc/letsencrypt/live/your-domain.com.com/fullchain.pem
+   Your key file has been saved at:
+   /etc/letsencrypt/live/your-domain.com/privkey.pem
+   Your cert will expire on 2023-03-22. To obtain a new or tweaked
+   version of this certificate in the future, simply run certbot
+   again. To non-interactively renew *all* of your certificates, run
+   "certbot renew"
+ - Your account credentials have been saved in your Certbot
+   configuration directory at /etc/letsencrypt. You should make a
+   secure backup of this folder now. This configuration directory will
+   also contain certificates and private keys obtained by Certbot so
+   making regular backups of this folder is ideal.
+ - If you like Certbot, please consider supporting our work by:
+   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+   Donating to EFF:                    https://eff.org/donate-le
+Now, you have successfully installed SSL on your website.
+</code>
+**APPLY FOR LETSENCRYPT SSL CERTIFICATE USING CERTBOT**
+<code>
+sudo certbot --apache
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+Enter email address (used for urgent renewal and security notices)
+ (Enter 'c' to cancel): tech.admin@example.com
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Please read the Terms of Service at
+https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
+agree in order to register with the ACME server. Do you agree?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: Y
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Would you be willing, once your first certificate is successfully issued, to
+share your email address with the Electronic Frontier Foundation, a founding
+partner of the Let's Encrypt project and the non-profit organization that
+develops Certbot? We'd like to send you email about our work encrypting the web,
+EFF news, campaigns, and ways to support digital freedom.
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: N
+Account registered.
+Which names would you like to activate HTTPS for?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+: example.com
+: www.example.com
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Select the appropriate numbers separated by commas and/or spaces, or leave input
+blank to select all options shown (Enter 'c' to cancel):
+Requesting a certificate for cabdrop.com and www.cabdrop.com
+Successfully received certificate.
+Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
+Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem
+This certificate expires on 2023-09-20.
+These files will be updated when the certificate renews.
+Certbot has set up a scheduled task to automatically renew this certificate in the background.
+Deploying certificate
+Successfully deployed certificate for example.com to /etc/apache2/sites-available/example-com-le-ssl.conf
+Successfully deployed certificate for www.example.com to /etc/apache2/sites-available/example-com-le-ssl.conf
+Congratulations! You have successfully enabled HTTPS on https://example.com and https://www.example.com
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+If you like Certbot, please consider supporting our work by:
+ * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+ * Donating to EFF:                    https://eff.org/donate-le
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+</code>
+**Check the Auto-Renewal status, i.e. that Certbot has setup Auto-Renewal of the Certificate**
+<code>
+sudo systemctl status certbot.timer
+● certbot.timer - Run certbot twice daily
+     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
+     Active: active (waiting) since Thu 2023-06-22 15:02:09 UTC; 18min ago
+    Trigger: Thu 2023-06-22 23:58:49 UTC; 8h left
+   Triggers: ● certbot.service
+Jun 22 15:02:09 svr1 systemd[1]: Started Run certbot twice daily.
+</code>
+**Revoking LetsEncrypt Certificates**
+If you wish to remove a certificate from your server it can be revoked using a subcommand with Let’s Encrypt client. The command below can be used to revoke a particular certificate.
+<code>
+$ sudo certbot revoke --cert-path /etc/letsencrypt/live/your-domain.com/cert.pem
+</code>
+Note: Replace your-domain.com with the domain which certificate you wish to revoke.
+The process does not give a confirmation upon completion, but if you perform it again you will get a message that the certificate has already been revoked.