
Tuesday, 26 November 2019

Ubuntu : Ubuntu 18.04 Https Free letsencrypt

Requirements
1. The machine must have Internet access so that DNS can be checked externally.
2. You need a domain that can be verified from external DNS. You can check it at
https://check-your-website.server-daten.de/
If you do not have one, you get this error:
root@intranet1804:~# certbot-auto certonly --standalone -d intranettest.sci.com -d www.intranettest.sci.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for intranettest.sci.com
http-01 challenge for www.intranettest.sci.com

Waiting for verification...
Challenge failed for domain intranettest.sci.com
Challenge failed for domain www.intranettest.sci.com
http-01 challenge for intranettest.sci.com
http-01 challenge for www.intranettest.sci.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: intranettest.sci.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for intranettest.sci.com

Domain: www.intranettest.sci.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
www.intranettest.sci.com
3. Stop Apache before running the command, otherwise you get this error:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for intranettest.com
http-01 challenge for www.intranettest.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
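
A local pre-flight for the three requirements above, as an added example (not from the original post or from Certbot): it flags names that do not resolve or resolve only to non-public addresses, and reports whether port 80 can be bound. The function names are illustrative. A split-horizon resolver can return answers the CA will never see, so a clean result here does not replace the external check.

```python
import errno
import ipaddress
import socket

def classify_dns(host, resolve=socket.getaddrinfo):
    """Return ('unresolved' | 'private' | 'public', addresses) for a name."""
    try:
        infos = resolve(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return "unresolved", []          # the NXDOMAIN case in the first log
    addrs = sorted({info[4][0].split("%")[0] for info in infos})
    public = [a for a in addrs if ipaddress.ip_address(a).is_global]
    # A name that resolves only to RFC 1918 or loopback space cannot be
    # reached by the CA's validation servers.
    return ("public", public) if public else ("private", addrs)

def port_status(port=80):
    """Return 'free', 'in use' or 'no permission' for a TCP listen port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("0.0.0.0", port))
        return "free"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in use"              # e.g. Apache is still running
        if e.errno in (errno.EACCES, errno.EPERM):
            return "no permission"       # ports below 1024 need root
        raise
    finally:
        s.close()

def preflight(hosts, resolve=socket.getaddrinfo, port=80):
    """List the problems that would make the standalone http-01 run fail."""
    problems = []
    for host in hosts:
        state, addrs = classify_dns(host, resolve)
        if state != "public":
            problems.append(f"{host}: {state} {addrs}")
    status = port_status(port)
    if status != "free":
        problems.append(f"port {port}: {status}")
    return problems

if __name__ == "__main__":
    for line in preflight(["example.com", "www.example.com"]):
        print(line)
```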

Installing letsencrypt


Step 1 – Prerequisites
Before starting work on this task, I assume you already have:

- A running Ubuntu system with shell access and sudo privileges.
- A domain name registered and pointed to your server’s public IP address. For this tutorial, we use example.com and www.example.com, which point to our server.
- A running web server with a VirtualHost configured for example.com and www.example.com on port 80.

Step 2 – Install Let’s Encrypt Client


Download the certbot-auto Let’s Encrypt client and save it under the /usr/sbin directory. Use the following commands to do this.
  sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
  sudo chmod a+x /usr/sbin/certbot-auto

Step 3 – Get a SSL Certificate

Let’s Encrypt performs strong Domain Validation automatically, using multiple challenges to verify ownership of the domain. Once the Certificate Authority (CA) has verified the authenticity of your domain, the SSL certificate is issued.
  sudo certbot-auto certonly --standalone -d example.com -d www.example.com

The above command prompts for an email address, which is used for sending email alerts related to SSL renewal and expiration. It also asks a few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your system.

Step 4 – Check SSL Certificate

If everything goes fine, a new SSL certificate is issued at the location below. Navigate to that directory and view the files.
  cd /etc/letsencrypt/live/example.com
  ls

Files List:
cert.pem
chain.pem
fullchain.pem
privkey.pem

Step 5 – Configure SSL VirtualHost

Use the following configurations for Apache and Nginx web servers. Edit the virtual host configuration file and add the entries below for the certificate.

Apache:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem


Step 6 – Configure SSL Auto Renew


Finally, add the following job to your server's crontab to auto-renew the SSL certificate when required.

  0 6 30 * * sudo /usr/sbin/certbot-auto -q renew

Or:
  # --dry-run only tests renewal; it does not replace the certificate
  0 6 30 * * certbot renew --dry-run
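
What the `0 6 30 * *` schedule above implies, as an added example (not part of the original post): it lists the certificate expiry times that fall between two cron runs without being renewed, assuming certbot's default of renewing only when fewer than 30 days remain. The function names are illustrative.

```python
from datetime import datetime, timedelta

# Assumption: certbot's default threshold (renew when < 30 days remain).
RENEW_BEFORE = timedelta(days=30)

def cron_day_of_month(year_from, year_to, day=30, hour=6):
    """Firing times of '0 6 30 * *'; months that lack the day are skipped."""
    runs = []
    for year in range(year_from, year_to + 1):
        for month in range(1, 13):
            try:
                runs.append(datetime(year, month, day, hour))
            except ValueError:           # 30 February does not exist
                continue
    return runs

def every_12_hours(year_from, year_to):
    """Firing times of a twice-daily job, for comparison."""
    t, end, runs = datetime(year_from, 1, 1), datetime(year_to + 1, 1, 1), []
    while t < end:
        runs.append(t)
        t += timedelta(hours=12)
    return runs

def exposure_windows(runs):
    """Expiry times that lapse: too far off to renew at one run,
    already past by the next. Returned as half-open (start, end) pairs."""
    windows = []
    for now, nxt in zip(runs, runs[1:]):
        first_skipped = now + RENEW_BEFORE   # expiry >= this is not renewed at `now`
        if first_skipped < nxt:
            windows.append((first_skipped, nxt))
    return windows

def lapse(not_after, runs):
    """How long a certificate expiring at not_after is served expired."""
    for start, end in exposure_windows(runs):
        if start <= not_after < end:
            return end - not_after
    return timedelta(0)

if __name__ == "__main__":
    runs = cron_day_of_month(2020, 2020)
    for start, end in exposure_windows(runs):
        print(f"expiry in [{start}, {end}) lapses for up to {end - start}")
    # Constructed case: issued 2019-12-10 10:00, so it expires 90 days later.
    print("lapse:", lapse(datetime(2020, 3, 9, 10), runs))
```

Certbot's documentation recommends running `renew` twice a day, which leaves no such window. With `--standalone`, the renewal also needs port 80, which `--pre-hook` and `--post-hook` can free by stopping and restarting Apache.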



Step 7 – Use the files in 000-default.conf
For example:
<VirtualHost *:80>
    ServerName extranet.scivalve.com
    Redirect / https://extranet.scivalve.com/
    ServerAdmin suwit@scivalve.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =extranet.scivalve.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName extranet.scivalve.com
    DocumentRoot /var/www/extranet
    SSLEngine on
    ServerAdmin suwit@scivalve.com
    <Directory /var/www/extranet/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    SSLCertificateFile /etc/letsencrypt/live/extranet.scivalve.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/extranet.scivalve.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

https://tecadmin.net/install-lets-encrypt-create-ssl-ubuntu/
