sudo yum update && sudo yum upgrade
Verify that the git version is 2.x or newer:
git --version
If the git version is below 2.*, upgrade git:
# Third-party repository, fetched over plain HTTP. yum does not necessarily
# verify the signature of an RPM given as a URL (see localpkg_gpgcheck in
# yum.conf), so download it first and check it with `rpm -K <file>` before
# installing, and keep gpgcheck on for the repo it configures.
yum install http://opensource.wandisco.com/centos/7/git/x86_64/wandisco-git-release-7-2.noarch.rpm
yum install git #Or yum update git
#verify git is 2.*
git --version
Verify python version is 2.7.*
python --version
Update OpenSSL (based on: https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/)
yum group install 'Development Tools'
yum install perl-core zlib-devel -y
Check the latest OpenSSL release at https://github.com/openssl/openssl/releases; at the time of writing it is OpenSSL_1_1_1g.
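cd /tmp
# -f makes curl fail on an HTTP error instead of saving an error page that
# the tar step would then fail on with a confusing message.
curl -f -O -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1g.tar.gz
# Verify the download before building it: compare `sha256sum OpenSSL_1_1_1g.tar.gz`
# against a digest you trust. GitHub's auto-generated archive has no published
# digest or signature; the same release tarball on openssl.org does.
# NOTE(review): the 1.1.1 series is past its upstream end of life; prefer a
# currently supported release when repeating this procedure.
tar -zxvf OpenSSL_1_1_1g.tar.gz
cd openssl-OpenSSL_1_1_1g
# Installs under /usr/local/openssl (moved to /usr/local/ssl further below).
# 'shared' builds libssl/libcrypto as shared objects, which is why an
# /etc/ld.so.conf.d entry is needed for the new binary to find them.
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
make test
sudo make install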
vi /etc/ld.so.conf.d/OpenSSL_1_1_1g.conf
Paste the following line into the file:
/usr/local/ssl/lib
Save and quit
Back up the existing openssl binary:
# Renaming the distro binary is what makes the new openssl win: openssl.sh
# below only appends /usr/local/ssl/bin to PATH, so /bin/openssl would
# otherwise still be found first. A later yum update of the openssl package
# will likely reinstall /bin/openssl and undo this step.
mv /bin/openssl /bin/openssl.BEKUP
vi /etc/profile.d/openssl.sh
Paste the following into the file:
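#Set OPENSSL_PATH
# Directory of the locally built OpenSSL binaries (/usr/local/openssl is
# moved to /usr/local/ssl later in this procedure).
OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
# Quoted so a PATH that contains spaces is not word-split. The directory is
# appended, not prepended, so distro binaries keep precedence; the new
# openssl is only picked up because /bin/openssl was renamed above.
PATH="$PATH:$OPENSSL_PATH"
export PATH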
Save and quit
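mv /usr/local/ssl /usr/local/ssl_backup
mv /usr/local/openssl /usr/local/ssl
# Refresh the dynamic linker cache so the shared libssl/libcrypto now under
# /usr/local/ssl/lib (the directory listed in /etc/ld.so.conf.d above) are
# found; without this the new openssl binary can fail to start.
ldconfig
# Not required (profile.d scripts are sourced, not executed) but harmless.
chmod +x /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh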
#verify:
openssl version -a
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
cd /opt
#If the certbot directory does not exist:
git clone https://github.com/certbot/certbot.git
#If the certbot directory already exists:
cd /opt/certbot
git pull
yum install letsencrypt
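cd /tmp
# Private key material: /tmp is world-readable and a typical default umask
# (022) would leave ec.key readable by every local user, so tighten the umask
# for the files created from here on (key, cert.conf, CSR).
umask 077
openssl ecparam -genkey -name secp384r1 | openssl ec -out ec.key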
vi cert.conf
Adjust the below according to your domain and paste it in the file:
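[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
# With prompt = no the values below are used verbatim, so replace each
# placeholder (including the parenthesised examples) before generating the CSR.
[req_distinguished_name]
C = 2_LETTER_COUNTRY (e.g US)
ST = 2_LETTER_STATE (e.g NY)
L = CITY_NAME (e.g New York)
O = ORGANIZATION_NAME (e.g ACME inc.)
OU = ORGANIZATION_UNIT (e.g Sales)
CN = DOMAIN (e.g acme.com)
[v3_req]
# keyUsage fixed: the CSR is signed with the EC key from ec.key, and
# keyEncipherment/dataEncipherment are RSA key-transport bits that RFC 5480
# forbids for EC public keys; an ECDSA server certificate needs
# digitalSignature. The CA decides what ends up in the issued certificate;
# this only keeps the request well-formed.
keyUsage = digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
# One DNS.N entry per name. A wildcard covers a single label only:
# *.domain1.com does not match domain1.com itself, so add a separate DNS.N
# entry for the apex if it must be served under this certificate.
DNS.1 = *.domain1.com
DNS.2 = *.domain2.com
DNS.3 = ....
DNS.N = *.domainN.com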
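# -nodes only matters when openssl req generates a key itself (-newkey); with
# -key it is ignored, so the CSR is produced from ec.key as before.
openssl req -new -sha256 -key ec.key -nodes -out ec.csr -outform pem -config cert.conf
# Wildcard issuance via the DNS-01 challenge using the CSR above.
# Fixed: '---csr' (three dashes) and '-server' (one dash) are not valid certbot
# options. The working directory is /tmp at this point, so certbot-auto is
# referenced by its path inside the /opt/certbot clone. The wildcard names are
# quoted so the shell cannot glob-expand them against files in /tmp.
# With --csr certbot does not manage the key under /etc/letsencrypt/live; by
# default it writes the certificate files (0000_cert.pem, 0000_chain.pem,
# 0001_chain.pem) into the current directory.
# NOTE(review): certbot-auto is deprecated upstream; the packaged certbot
# installed with yum above is the maintained route.
/opt/certbot/certbot-auto certonly --manual --preferred-challenges=dns --email support@YOUR_DOMAIN.COM --csr /tmp/ec.csr --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.domain1.com' -d '*.domain2.com' -d '*.domainN.com'
# Alternative: let certbot generate the key itself. This is the flow whose
# output lands under /etc/letsencrypt/live/YOUR_DOMAIN/ as referenced below.
/opt/certbot/certbot-auto certonly --manual --preferred-challenges=dns --email support@YOUR_DOMAIN.COM --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.DOMAIN1.COM' -d '*.DOMAIN2.com' -d '*.DOMAINN.com'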
Note the certificate path certbot printed for the domain and use it in the TLS configuration below:
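ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
# Cipher list fixed: the original named only ECDHE-RSA/DHE-RSA suites, which
# cannot be used with the ECDSA (secp384r1) key generated above, leaving TLS
# 1.2 clients with no suite in common; and "*-AES256-GCM-SHA512" is not a real
# OpenSSL suite name, so those entries were silently ignored. The list below
# offers AEAD-only ECDHE suites for both ECDSA and RSA certificates, so it
# works whichever of the two certbot flows above was used.
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# TLSv1.1 dropped: deprecated (RFC 8996) and it has no AEAD suites.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# A wildcard certificate for *.domain1.com does not cover the apex
# domain1.com itself; either request -d domain1.com as well or list only
# subdomains here.
server_name domain1.com domain2.com domainN.com;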