Get Certificates for Webserver

Use letsencrypt

https ssl install

Instruction from https://certbot.eff.org/lets-encrypt/centosrhel7-apache

Once installed, add certificate with: sudo certbot --apache

Renew certificates: sudo certbot renew

crontab (auto renew) sudo crontab -e

# Minute   Hour   Day of Month       Month          Day of Week        Command
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
1       7       *       *       1       /usr/bin/certbot renew --quiet

Ubuntu

DNS

A Record: @ 12.13.14.15
CNAME Record: www domain.com 

vhost

Rewrite Engine added by certbot

<VirtualHost>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

certbot

Eén domein heeft meerdere sub-domeinen: meldt ze in één keer aan.

Komt er één bij dan de complete regel opnieuw invoeren.

sudo certbot --apache -d domain.com -d www.domain.com

certbot - other

// delete
sudo certbot delete

//list
sudo certbot certificates

--