Hướng dẫn cài đặt https + ssl server Amazone

SSL AMAZONE

Link tham khao: https://medium.com/@mohan08p/install-and-renew-lets-encrypt-ssl-on-amazon-ami-6d3e0a61693

Part I: Install SSL Certifcates

B1: CÀI ĐẶT CERTBOT AUTO

• • sudo yum install mod24_ssL
  • wget https://dl.eff.org/certbot-auto
  • chmod a+x certbot-auto
  • sudo ./certbot-auto –debug -v –server https://acme-v01.api.letsencrypt.org/directory certonly -d tweb.com.vn

How would you like to authenticate with the ACME CA?

——————————————————————————-

1: Apache Web Server plugin – Beta (apache)

2: Spin up a temporary webserver (standalone)

3: Place files in webroot directory (webroot)

---

 

=> CHỌN 1 ENTER

=> CÓ BƯỚC NHẬP MAIL: NHẬP VÀO EMAIL

Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must

agree in order to register with the ACME server at

https://acme-v01.api.letsencrypt.org/directory

——————————————————————————-

(A)gree/(C)ancel:

==> Chọn A

——————————————————————————-

Would you be willing to share your email address with the Electronic Frontier

Foundation, a founding partner of the Let’s Encrypt project and the non-profit

organization that develops Certbot? We’d like to send you email about our work

encrypting the web, EFF news, campaigns, and ways to support digital freedom.

——————————————————————————-

(Y)es/(N)o: N  => (khong nhan mail marketing)

B2: TODO: NẾU CÀI BÌ LỖI REMOVE CÁC FOLDER CÁI LẠI

• • rm -rf /root/.local/share/letsencrypt/
  • rm -rf /opt/eff.org/*

B3: KIỂM TRA FILE CÀI THÀNH CÔNG

• • ls /etc/letsencrypt/live/vinacircle.info/
    • cert.pem
    • chain.pem
    • fullchain.pem
    • privkey.pem
    • README

B4: CẤU HÌNH VÀO FILE /etc/httpd/conf.d/ssl.conf

• • Các file key:
    • Certificate: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem
    • Full Chain: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem
    • Private Key: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem
  • vim /etc/httpd/conf.d/ssl.conf
    • SSLCertificateFile /etc/letsencrypt/live/tweb.com.vn/cert.pem
    • SSLCertificateKeyFile /etc/letsencrypt/live/tweb.com.vn/privkey.pem
    • SSLCertificateChainFile /etc/letsencrypt/live/tweb.com.vn/fullchain.pem

Part II: Setup SSL Auto-renew

• crontab -e
• add: 30 2 * * Sun sudo su && cd /root/certbot-auto renew