Hướng dẫn cài đặt https + ssl server Amazone

SSL AMAZONE

Link tham khao: https://medium.com/@mohan08p/install-and-renew-lets-encrypt-ssl-on-amazon-ami-6d3e0a61693

 

Part I: Install SSL Certifcates

B1: CÀI ĐẶT CERTBOT AUTO

 

How would you like to authenticate with the ACME CA?

——————————————————————————-

1: Apache Web Server plugin – Beta (apache)

2: Spin up a temporary webserver (standalone)

3: Place files in webroot directory (webroot)


 

=> CHỌN 1 ENTER

=> CÓ BƯỚC NHẬP MAIL: NHẬP VÀO EMAIL

Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must

agree in order to register with the ACME server at

https://acme-v01.api.letsencrypt.org/directory

——————————————————————————-

(A)gree/(C)ancel:

==> Chọn A

——————————————————————————-

Would you be willing to share your email address with the Electronic Frontier

Foundation, a founding partner of the Let’s Encrypt project and the non-profit

organization that develops Certbot? We’d like to send you email about our work

encrypting the web, EFF news, campaigns, and ways to support digital freedom.

——————————————————————————-

(Y)es/(N)o: N  => (khong nhan mail marketing)

B2: TODO: NẾU CÀI BÌ LỖI REMOVE CÁC FOLDER CÁI LẠI

    • rm -rf /root/.local/share/letsencrypt/
    • rm -rf /opt/eff.org/*



B3: KIỂM TRA FILE CÀI THÀNH CÔNG

    • ls /etc/letsencrypt/live/vinacircle.info/
      • cert.pem
      • chain.pem
      • fullchain.pem
      • privkey.pem
      • README

B4: CẤU HÌNH VÀO FILE /etc/httpd/conf.d/ssl.conf

    • Các file key:
      • Certificate: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem
      • Full Chain: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem
      • Private Key: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem
    • vim /etc/httpd/conf.d/ssl.conf
      • SSLCertificateFile /etc/letsencrypt/live/tweb.com.vn/cert.pem
      • SSLCertificateKeyFile /etc/letsencrypt/live/tweb.com.vn/privkey.pem
      • SSLCertificateChainFile /etc/letsencrypt/live/tweb.com.vn/fullchain.pem

Part II: Setup SSL Auto-renew

  • crontab -e
  • add: 30 2 * * Sun sudo su && cd /root/certbot-auto renew
Comments are closed.