Last active March 11, 2019 04:23
#Install git and upgrade all packages
sudo yum update -y
sudo yum install git
#Get the latest available version of Let's Encrypt
git clone
#result :
Cloning into 'letsencrypt'...
remote: Counting objects: 55232, done.
remote: Compressing objects: 100% (55/55), done.
remote: Total 55232 (delta 38), reused 38 (delta 31), pack-reused 55146
Receiving objects: 100% (55232/55232), 17.65 MiB | 4.14 MiB/s, done.
Resolving deltas: 100% (39848/39848), done.
#Adapt Let's Encrypt to recognize an Amazon Linux 2 instance
#(The current version of Let's Encrypt doesn't do it automatically)
sudo vim /etc/issue
#Add a line with 'Amazon Linux'
#The current version of Let's Encrypt looks for it, and it is missing in Amazon Linux 2:
Kernel \r on an \m
Amazon Linux
#Generate a certificate for your domain:
cd letsencrypt/
sudo ./certbot-auto certonly --debug --webroot -w /var/www/html -d -d
#It will ask for some information and then print:
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on DATE. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
#Update the httpd SSL conf with the certificate info:
sudo vim /etc/httpd/conf.d/ssl.conf
#Look for SSLProtocol (?SSLProtocol) and modify it as follows
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
## Replace the SSLCipherSuite line with:
SSLHonorCipherOrder on
## Replace SSLCertificateFile with your certificate:
SSLCertificateFile /etc/letsencrypt/live/
## Same logic for SSLCertificateKeyFile and SSLCertificateChainFile
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/
#Bounce your Apache server:
sudo service httpd restart
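#Added example, not part of the original gist: a check of which protocols the SSLProtocol line above actually enables, flagging TLS 1.0 and 1.1 (deprecated by RFC 8996).
#The expansion of "all", the bare-token rule and the sample file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: compute which protocols an SSLProtocol line really enables.
# Assumption: "all" expands to the list below; the real set depends on the
# OpenSSL build httpd is linked against. Token case is assumed canonical.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"
DEPRECATED="SSLv3 TLSv1 TLSv1.1"   # SSLv3: RFC 7568; TLS 1.0/1.1: RFC 8996

# Print the effective protocol set of the last active SSLProtocol line in $1.
# Modelled rules: "+X" adds, "-X" removes, a bare token replaces the set.
effective_protocols() {
    line=$(grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1)
    set -- $line                      # $1 = directive name, rest = tokens
    [ $# -gt 0 ] && shift
    enabled=""
    for tok in "$@"; do
        case $tok in
            -*) action=del name=${tok#-} ;;
            +*) action=add name=${tok#+} ;;
            *)  action=set name=$tok ;;
        esac
        if [ "$name" = all ]; then names=$ALL_PROTOCOLS; else names=$name; fi
        case $action in
            set) enabled=$names ;;
            add) enabled="$enabled $names" ;;
            del) for n in $names; do
                     enabled=$(printf '%s\n' $enabled | grep -vxF "$n" | tr '\n' ' ')
                 done ;;
        esac
    done
    printf '%s\n' $enabled | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print the enabled protocols that are deprecated (empty output = none).
weak_protocols() {
    for p in $(effective_protocols "$1"); do
        case " $DEPRECATED " in *" $p "*) printf '%s ' "$p" ;; esac
    done | sed 's/ $//'
}

# Constructed sample files: the line from the steps above and a TLS 1.2-only line.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#SSLProtocol all' \
    'SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2' > "$SAMPLE_DIR/gist.conf"
printf '%s\n' 'SSLProtocol -all +TLSv1.2' > "$SAMPLE_DIR/tls12.conf"
for f in gist tls12; do
    echo "$f: enabled=[$(effective_protocols "$SAMPLE_DIR/$f.conf")] weak=[$(weak_protocols "$SAMPLE_DIR/$f.conf")]"
done
```

#To check a live server, pass /etc/httpd/conf.d/ssl.conf to weak_protocols; an empty result means no deprecated protocol is enabled by that line.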