Letsencrypt : Generate Let’s Encrypt Wildcard SSL Certificate

1.Install Let’s Encrypt Certbot Tool
#sudo apt-get OR dnf install letsencrypt

2.Generate Let’s Encrypt Wildcard SSL Certificate
#sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com  -d *.example.com

3.Certificates are generated and can be downloaded from the following path
#/etc/letsencrypt/live/example.com/

4.Generate Let’ Encrypt SSL certificate Manually using the DNS record using Certbot
- Create a variable for your desired domain
#DOMAIN=example.com

- Request a certificate using Certbot
#certbot certonly --manual -d *.$DOMAIN -d $DOMAIN --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096

- A value for a new DNS record will prompt
--------------------------------------------------------------------
Please deploy a DNS TXT record under the name_acme-challenge.example.com with the following value:XXXXXXXXXXXXXXXXXXXXXXXXX
Before continuing, verify the record is deployed.
--------------------------------------------------------------------

- Copy and add the value into DNS server, add a new TXT record
_acme-challenge.iderc.my.    3600    IN    TXT    "XXXXXXXXXXXXXXXXXXXXXXXXX"

- Before Enter the second time check if records were deployed 

- Install Certificate and Key
key will generate in this folder /etc/letsencrypt/live/example.com

5.Generate Let’ Encrypt SSL certificate Manually using the http challenge using Certbot
- Create a variable for your desired domain
#DOMAIN=example.com

- Request a certificate using Certbot
#certbot certonly --manual --preferred-challenges http -d *.$DOMAIN -d $DOMAIN --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096

- After get an output, then need to create an index.html with the above string
/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxx/index.html

- Install Certificate and Key
key will generate in this folder /etc/letsencrypt/live/example.com

Read More

Letsencrypt : Secure Apache on Ubuntu 20.04

Let’s Encrypt is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers.

1. Installing Certbot

#sudo apt install certbot python3-certbot-apache 

2.Checking your Apache Virtual Host Configuration

#sudo vi /etc/apache2/sites-available/your_domain.conf
#sudo apache2ctl configtest
#sudo systemctl reload apache2

3.Allowing HTTPS Through the Firewall

#sudo ufw status
#sudo ufw allow 'Apache Full'
#sudo ufw delete allow 'Apache'

4.Obtaining an SSL Certificate

#sudo certbot --apache 

5.Verifying Certbot Auto-Renewal

#sudo systemctl status certbot.timer 

- To test the renewal process
#sudo certbot renew --dry-run

source: 

- https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04

Read More

Letsencrypt : Secure Apache on Virtualmin

The guide :

FOLDER DOMAIN : In virtualmin directory
FULL DOMAIN: www.example.com

1. First install Let's Encrypt script/programme

Login to SSH and get root privileges (root/sudo -i):

cd /home/<FOLDER DOMAIN>/ && git clone https://github.com/letsencrypt/letsencrypt

OR

cd /root/ && git clone https://github.com/letsencrypt/letsencrypt

* This will download the Let's Encrypt from github with executable script

2. Create your directory where you will be saving your certificate later on. Reason for this is because Virtualmin has a protection where it only allows a certificate from the user/domains directory:

mkdir /home/MYUSERNAMEFORDOMAIN/ssl_certificates

3. Setup your cronjobs by running: "sudo crontab -e"

01 3 1 * * cd /home/<FOLDER DOMAIN>/letsencrypt/ && ./letsencrypt-auto certonly --email info@<FULL DOMAIN> --agree-tos --webroot --renew-by-default -w /home/<FOLDER DOMAIN>/public_html/ -d <FULL DOMAIN> -d <FULL DOMAIN> --authenticator webroot && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/cert.pem /home/<FOLDER DOMAIN>/ssl/cert.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/chain.pem /home/<FOLDER DOMAIN>/ssl/chain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/fullchain.pem /home/<FOLDER DOMAIN>/ssl/fullchain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/privkey.pem /home/<FOLDER DOMAIN>/ssl/privkey.pem

OR

01 3 1 * * cd /root/letsencrypt/ && ./letsencrypt-auto certonly --email info@MYDOMAIN --agree-tos --webroot --renew-by-default -w /home/<FOLDER DOMAIN>/public_html/ -d <FULL DOMAIN> -d MYDOMAIN.net --authenticator webroot && cp /etc/letsencrypt/live/<FULL DOMAIN>/cert.pem /home/<FOLDER DOMAIN>/ssl/cert.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/chain.pem /home/<FOLDER DOMAIN>/ssl/chain.pem && cp -f /etc/letsencrypt/live/www.MYDOMAIN.net/fullchain.pem /home/<FOLDER DOMAIN>/ssl/fullchain.pem && cp -f /etc/letsencrypt/live/<FULL DOMAIN>/privkey.pem /home/<FOLDER DOMAIN>/ssl/privkey.pem

* Above command will copy the certificates to the correct directory after requesting them. It will do this every 1st of the month during the night. The reason we do this every month is because the certs are only valid 90 days and we have plenty of time to repair if something appears to be wrong with the cert later on..

Allright! The hard part is done!

3.1 Please log into your Virtualmin admin panel, Select "Webmin -> System -> Scheduled Cron Jobs". Go to your newly created Cronjob by clicking on it and select "RUN NOW".

4. in Virtualmin, select you domain and go to "Edit virtual server", make sure that SSL is enabled under "Enabled features".

5. Under "Server configuration" go to "Manage SSL Certificate". Select the tab "Update Certificate and Key" and under "Signed SSL certificate" select the option "File on server", fill in the location of the certificate: "/home/<FOLDER DOMAIN>/ssl/cert.pem"

6. Do the same for section "Matching private key". Select: "/home/<FOLDER DOMAIN>/ssl/privkey.pem"

7. Click on "Install Now".

8. Switch to tab "CA Certificate", select "In file on server " and fill in: "/home/<FOLDER DOMAIN>/ssl/fullchain.pem"

9. Click on "Save Certificate". ***

DONE! ! ! It will now auto update every month :)

Go to your website with HTTPS,

source : https://www.virtualmin.com/node/38853

Read More