Install Certbot:
# portsnap fetch
# portsnap extract
Install Let's Encrypt client:
# cd /usr/ports/security/py-certbot
# sudo make install clean
Install NGINX plugin for Certbot:
# cd /usr/ports/security/py-certbot-nginx
# sudo make install clean
Setting Up a Firewall and Allowing HTTPS Access:
Inside file, /etc/rc.conf
firewall_myservices="22/tcp 80/tcp 443/tcp"
Port 433/tpc must be open
IPFW is a stateful firewall written for FreeBSD.
Obtaining an SSL Certificate:
# sudo certbot --nginx -d life110volts.com -d www.life110volts.com
Give your email, domain ownership challange.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/usr/local/etc/letsencrypt/live/life110volts.com/fullchain.pem
Your key file has been saved at:
/usr/local/etc/letsencrypt/live/life110volts.com/privkey.pem
Your cert will expire on 2019-03-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Check your website:
SSL Server Test
Part: 2,
Renew certificate:
You need to automate certificate renewal by setting up a cron task. It’s important to test that you’re able to renew certificates correctly.
# sudo certbot renew --dry-run
If you see no errors, you’re all set to create a new crontab:
# sudo crontab -e
This will open a new crontab file, paste bellow line in that file, it will auto renew your certificate if it close to date.
0 0,12 * * * /usr/local/bin/certbot renew
No comments:
Post a Comment