@AoiYamada
Last active January 2, 2023 18:16
Certbot auto renew SSL guideline for CentOS 6, 7

Sign an SSL certificate and renew it with a cron job.

Prerequisite

Software:

  • wget
  • nginx
  • nano

configuration:

  • open port 443 in iptables

Step 1 - mkdir

mkdir -p /home/certbot

Step 2 - Download certbot

cd /home/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Step 3 - Sign the cert

/home/certbot/certbot-auto --nginx \
--agree-tos --no-eff-email --email {YOUR EMAIL FOR RECEIVING CERT-RELATED NOTIFICATIONS}

Follow the prompts and choose the domain(s) listed in the terminal to sign the cert(s).

A success notification should then appear in the terminal, e.g.:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/{YOUR MAIN DOMAIN}/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/{YOUR MAIN DOMAIN}/privkey.pem
   Your cert will expire on 2018-09-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Reload nginx

service nginx reload

Step 4 - Test renew SSL Cert

/home/certbot/certbot-auto renew --dry-run

Step 5 - Setup Cronjob for auto renew

crontab -e

Contents:

0 0,12 * * * /home/certbot/certbot-auto renew --renew-hook "service nginx reload"

For cron schedule syntax, see:

https://crontab.guru/
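
The cron entry above runs a script fetched with wget, unattended, with the privileges of the crontab's owner, and certbot-auto replaces itself when it upgrades. The guard below is an added example, not part of the original gist or of Certbot: it pins the SHA-256 of a script you have reviewed and refuses to run anything else, including an HTML error page left by a failed download. The pin file path, the function names and the `--pin`/`--run` arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: integrity guard for the Step 5 cron job (not Certbot code).
# PIN_FILE and the function names below are assumptions made for this example.
CERTBOT=${CERTBOT:-/home/certbot/certbot-auto}
PIN_FILE=${PIN_FILE:-/home/certbot/certbot-auto.sha256}

# Record the SHA-256 of a script you have reviewed (run once, after Step 2).
pin_script() {
    sha256sum "$1" | cut -d' ' -f1 > "$2"
}

# Exit codes: 0 ok, 2 script or pin missing, 3 not a script, 4 hash mismatch.
verify_script() {
    script=$1
    pin=$2
    if [ ! -f "$script" ] || [ ! -r "$pin" ]; then
        echo "guard: missing script or pin file" >&2
        return 2
    fi
    # A failed download or self-update can leave an HTML error page behind.
    if [ "$(head -c 2 "$script")" != "#!" ]; then
        echo "guard: $script does not start with a shebang" >&2
        return 3
    fi
    want=$(cat "$pin")
    have=$(sha256sum "$script" | cut -d' ' -f1)
    if [ "$want" != "$have" ]; then
        echo "guard: checksum mismatch for $script" >&2
        return 4
    fi
    return 0
}

# Renew only with the pinned script. --no-self-upgrade stops certbot-auto from
# rewriting itself, so the pin stays valid until you deliberately re-pin.
guarded_renew() {
    verify_script "$CERTBOT" "$PIN_FILE" || return $?
    "$CERTBOT" renew --no-self-upgrade --renew-hook "service nginx reload"
}

case "${1:-}" in
    --pin) pin_script "$CERTBOT" "$PIN_FILE" ;;
    --run) guarded_renew ;;
esac
```

Saved under a hypothetical path such as /home/certbot/guarded-renew.sh, it is run once with `--pin` after reviewing the download, and the crontab line then calls it with `--run` instead of calling certbot-auto directly.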

References

https://certbot.eff.org/lets-encrypt/centos6-nginx

https://certbot.eff.org/docs/using.html#renewing-certificates

https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8

https://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/

@sistematico

Thank you!

@AoiYamada
Author

@sistematico
These notes are outdated.

Using Docker is easier, try this:
https://github.com/wmnnd/nginx-certbot

@SteffanCline

The script at https://dl.eff.org/certbot-auto has been taken down. Seems my old CentOS 6 system tried to update from there and now I'm dead in the water. The script file has the 404 error message. Does anyone have a copy of this script they can share? PLEASE?

@sistematico

> The script at https://dl.eff.org/certbot-auto has been taken down. Seems my old CentOS 6 system tried to update from there and now I'm dead in the water. The script file has the 404 error message. Does anyone have a copy of this script they can share? PLEASE?

Try with pip.

@sistematico

sistematico commented Nov 24, 2022

> @sistematico These notes are outdated.

Hmmm, I'm not sure...

> Using Docker is easier, try this: https://github.com/wmnnd/nginx-certbot

My VPS can't run Docker inside.

@SteffanCline

@sistematico thanks for your reply. I finally found a way around the issue.

@dacrypt

dacrypt commented Jan 2, 2023

@SteffanCline do you mind sharing your solution?

@SteffanCline

@dacrypt, I didn't come up with a solution. I was able to just delete it and switch to a newer method.