- Advertisement -
Let’s Encrypt
Why choose Let’s Encrypt? Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG)
Before Installing SSL
- Please install OpenLiteSpeed. You might want to follow one of these tutorials: 1Click or Repo install
- Please register a domain to your public IP, e.g. Namesilo or some other free domain register, e.g. freenom.
Environment
We are going to install Let’s Encrypt with OLS on an AWS Linux server. Both OLS and Amazon Linux are not listed on the CertBot list but we are still able to install them using the following method.
Install Certbot
- Ubuntu 18.04
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot
- CentOS 7
yum -y install yum-utils yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional sudo yum install certbot
- CentOS 8
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Run certbot with the following command:
certbot certonly
Answer the following questions to complete the installation process:
How would you like to authenticate with the ACME CA?
- Spin up a temporary webserver (standalone)
- Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to cancel): YOUR_EMAIL
Please read the Terms of Service at https://letsencrypt.org/ documents/ LE-SA-v1.2- November- 15- 2017.pdf. You must agree in order to register with the ACME server at https://acme-v01. api. letsencrypt.org/ directory
(A)gree/(C)ancel: A
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let’s Encrypt project and the non-profit organization that develops Certbot?
(Y)es/(N)o: N
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’ to cancel): YOUR_DOMAIN
Input the webroot for YOUR_DOMAIN: (Enter ‘c’ to cancel):
/usr/local/lsws/Example/htmlWaiting for verification… Cleaning up challenges
IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pemYour key file has been saved at:
/etc/letsencrypt/live/YOUR_DOMAIN/privkey.pemYour cert will expire on DATE. To obtain a new or tweaked version of this certificate in the future, simply run “certbot-auto” again.
To non-interactively renew *all* of your certificates, run “certbot-auto renew”
Configure OpenLiteSpeed for SSL
Navigate to OpenLiteSpeed > Web Console > Listeners > SSL > SSL Private Key & Certificate
Set the following values:
Private Key File:
/etc/letsencrypt/live/YOUR_DOMAIN/privkey.pemCertificate File:
/etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pemClick SAVE then do a Graceful restart
Verify SSL
View Certificate
Open your site with https protocol. Click Secure to view site information.
View Issuer
Click Valid, then you will see certificate information which should include Issued by Let’s Encrypt.
View Cert Valid Date
openssl x509 -noout -dates -in /etc/letsencrypt/live/YOUR_DOMAIN/cert.pemYou should see something like this:
- notBefore=Jan 11 20:05:22 2018 GMT
- notAfter=Apr 11 20:05:22 2018 GMT
- Advertisement -
