jack2jm/SSL Domain Using Certbot

## SSL Domain Using Certbot
********** Add A Record ***********
1.An A record with @ pointing to your server’s public IP address.
2. An A record with www pointing to your server’s public IP address.

************* check if apache installed or not *****
      sudo apache2ctl configtest    -> it will return not found commmand
      install
                 sudo apt update
                 sudo apt install apache2
                 sudo ufw app list //check firewall list


*******************  Installing Certbot ******************
First, add the repository:
      Command:    sudo add-apt-repository ppa:certbot/certbot

Install Certbot’s Apache package with apt:
                  sudo apt install certbot python3-certbot-apache
      Command:    sudo apt install python-certbot-apache

****************** Check System status ****************888
sudo apache2ctl configtest

******** Check apache 443 port is listening or not *****
netstat -ltn   (check 443 port is listen or not)

***** Enable SSL Module - if netstat command not listening 443 *******
sudo a2enmod ssl

***************** UFW status ****************
sudo ufw status
--------------------  Create Config file for Domain Name  ----------------------

1. sudo nano your_domain.com.conf        // create new file
   past your virtual host file data.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/yourdomain_directory
        ServerAlias  www.yourdoamin.com
        ServerName yourdoamin.com

        <Directory /var/www/html/yourdomain_directory>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
            Require all granted
        </Directory>
</VirtualHost>

Alias /data/alogin "/var/www/html/saasoa/saasoa_backend"
 <Directory /var/www/html/saasoa/saasoa_backend>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
    Require all granted
</Directory>


2. Ctrl + O & enter. to save data

--------------------------------------------------
3. Add your new config file to apache
    sudo a2ensite your_domain.com.conf

4.----- REstart apache -----
sudo apache2ctl configtest ///syntax check
sudo service apache2 restart

5. install certificate
    sudo certbot --apache -d your_domain -d www.your_domain

6. Give option 2 > http to https redirect.

7. Check Existing certbot
      sudo certbot certificates

8. Renew Certificate
      sudo certbot renew --cert-name find_certificate_name_from_above_command

9. Delete Existing CErtificate -----
  sudo certbot delete --cert-name find_certificate_name_from_above_command

-----------------------------------------------------
Manual SSL installation

1. Run below command
	 sudo certbot certonly --manual --preferred-challenges=dns -d your_domain_name
2. After this - it will give an  Key + Value to add TXT DNS record
	eg. key -> _acme-challenge.your_domain_name
		value -> WKGxnKKyhN83CtmCDjHBTn1Z9iSzg-VhoXofQjq2MIQ234
3. Check txt record for any domain name
	https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.domain name

----------------------------------------------------

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/google
        ServerAlias  www.google.com
        ServerName google.com

        <Directory /var/www/html/google>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
            Require all granted
        </Directory>

 Alias /data/alogin "/var/www/html/google_backend"
 <Directory /var/www/html/google_backend>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
    Require all granted
</Directory>

SSLCertificateFile /etc/letsencrypt/live/google.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/google.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
	******** Add A Record *********
	1.An A record with @ pointing to your server’s public IP address.
	2. An A record with www pointing to your server’s public IP address.

	*********** check if apache installed or not ***
	sudo apache2ctl configtest -> it will return not found commmand
	install
	sudo apt update
	sudo apt install apache2
	sudo ufw app list //check firewall list


	***************** Installing Certbot ****************
	First, add the repository:
	Command: sudo add-apt-repository ppa:certbot/certbot

	Install Certbot’s Apache package with apt:
	sudo apt install certbot python3-certbot-apache
	Command: sudo apt install python-certbot-apache

	**************** Check System status **************888
	sudo apache2ctl configtest

	****** Check apache 443 port is listening or not ***
	netstat -ltn (check 443 port is listen or not)

	*** Enable SSL Module - if netstat command not listening 443 *****
	sudo a2enmod ssl

	*************** UFW status **************
	sudo ufw status
	-------------------- Create Config file for Domain Name ----------------------

	1. sudo nano your_domain.com.conf // create new file
	past your virtual host file data.

	<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/yourdomain_directory
	ServerAlias www.yourdoamin.com
	ServerName yourdoamin.com

	<Directory /var/www/html/yourdomain_directory>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride all
	Order allow,deny
	allow from all
	Require all granted
	</Directory>
	</VirtualHost>

	Alias /data/alogin "/var/www/html/saasoa/saasoa_backend"
	<Directory /var/www/html/saasoa/saasoa_backend>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride all
	Order allow,deny
	allow from all
	Require all granted
	</Directory>



	2. Ctrl + O & enter. to save data

	--------------------------------------------------
	3. Add your new config file to apache
	sudo a2ensite your_domain.com.conf

	4.----- REstart apache -----
	sudo apache2ctl configtest ///syntax check
	sudo service apache2 restart

	5. install certificate
	sudo certbot --apache -d your_domain -d www.your_domain

	6. Give option 2 > http to https redirect.

	7. Check Existing certbot
	sudo certbot certificates

	8. Renew Certificate
	sudo certbot renew --cert-name find_certificate_name_from_above_command

	9. Delete Existing CErtificate -----
	sudo certbot delete --cert-name find_certificate_name_from_above_command

	-----------------------------------------------------
	Manual SSL installation

	1. Run below command
	sudo certbot certonly --manual --preferred-challenges=dns -d your_domain_name
	2. After this - it will give an Key + Value to add TXT DNS record
	eg. key -> _acme-challenge.your_domain_name
	value -> WKGxnKKyhN83CtmCDjHBTn1Z9iSzg-VhoXofQjq2MIQ234
	3. Check txt record for any domain name
	https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.domain name

	----------------------------------------------------

	<IfModule mod_ssl.c>
	<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/google
	ServerAlias www.google.com
	ServerName google.com

	<Directory /var/www/html/google>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride all
	Order allow,deny
	allow from all
	Require all granted
	</Directory>

	Alias /data/alogin "/var/www/html/google_backend"
	<Directory /var/www/html/google_backend>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride all
	Order allow,deny
	allow from all
	Require all granted
	</Directory>

	SSLCertificateFile /etc/letsencrypt/live/google.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/google.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
	</VirtualHost>
	</IfModule>