Guide to installing SSL with Let's Encrypt

Install the modules:

sudo yum install epel-release mod_ssl

Install certbot:

sudo yum install python-certbot-apache

Install the SSL certificate:

certbot --apache -d example.com

To create a certificate for multiple domains or subdomains:

certbot --apache -d example.com -d www.example.com

IMPORTANT! The first domain will be your base domain, in this case example.com

Output on success:

[root@ip-172-31-93-116 conf.d]# certbot --apache -d yentth.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for yentth.cf
Performing the following challenges:
http-01 challenge for yentth.cf
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/yentth-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/yentth-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/yentth.conf to ssl vhost in /etc/httpd/conf.d/yentth-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://yentth.cf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: trinhhaiyen79@gmail.com).
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yentth.cf/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yentth.cf/privkey.pem
   Your certificate will expire on 2022-05-12. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@ip-172-31-93-116 conf.d]# Connection to ec2-54-159-88-13.compute-1.amazonaws.com closed by remote host.
Connection to ec2-54-159-88-13.compute-1.amazonaws.com closed.

Notes:

  • The domain must already be live (there must be an EC2 instance running Apache, with the domain's A/AAAA record pointing to it)

  • If you get the error:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

then fix it as follows:

cd /etc/httpd/conf.d
sudo nano yourDomainName.conf

Paste, edit, and save the following:

<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
</VirtualHost>

Then restart Apache:

sudo service httpd restart

And with this you should see the virtual host:

httpd -D DUMP_VHOSTS
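
The check above can be scripted before rerunning certbot. This is an added example, not part of the original guide: has_port80_vhost and sample_dump are hypothetical names, the sample dump is constructed, and the parser assumes the Apache 2.4 DUMP_VHOSTS layout.

```shell
#!/bin/sh
# Added example. Reads `httpd -D DUMP_VHOSTS` output on stdin; succeeds only
# if a port-80 vhost has DOMAIN ($1) as its ServerName or ServerAlias.
has_port80_vhost() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        # Address line. One vhost on the address: "*:80  name (file:line)";
        # several vhosts: "*:80  is a NameVirtualHost" plus indented entries.
        /^[^ \t]/ {
            n = split($1, a, ":"); cur80 = 0
            if (a[n] == "80" && $2 != "is") {
                cur80 = 1
                if (tolower($2) == want) found = 1
            }
            next
        }
        # Indented entry: "port 80 namevhost name (file:line)"
        $1 == "port" && $3 == "namevhost" {
            cur80 = ($2 == "80")
            if (cur80 && tolower($4) == want) found = 1
            next
        }
        # ServerAlias of the entry above: "alias www.name"
        $1 == "alias" && cur80 && tolower($2) == want { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output (not captured from a real server).
sample_dump() {
    cat <<'EOF'
VirtualHost configuration:
*:443                  shop.example.com (/etc/httpd/conf.d/ssl.conf:56)
*:80                   is a NameVirtualHost
         default server yourDomainName.com (/etc/httpd/conf.d/yourDomainName.conf:1)
         port 80 namevhost yourDomainName.com (/etc/httpd/conf.d/yourDomainName.conf:1)
                 alias www.yourDomainName.com
         port 80 namevhost other.example.com (/etc/httpd/conf.d/other.conf:1)
EOF
}

for d in yourDomainName.com www.yourDomainName.com shop.example.com; do
    if sample_dump | has_port80_vhost "$d"; then
        echo "$d: port-80 vhost found"
    else
        echo "$d: no port-80 vhost, add one before running certbot"
    fi
done
```

On the server, pipe the real output in: httpd -D DUMP_VHOSTS | has_port80_vhost yourDomainName.com. When an address has only one vhost, Apache prints it on a single line without its aliases, so check the ServerName in that case.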

To install certbot (another way)

cd ~/downloads
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo ./certbot-auto --apache --debug

Usage with nginx: (the web server must be filled in in the configuration file, and nginx must be stopped)

To renew automatically on a schedule: