Using Let’s Encrypt SSL certificates

Let’s Encrypt certificates are only valid for 90 days, so you have to renew them continually.

1. Install Certbot/Letsencrypt on the Linux system where we will generate the certificates for our website (use the EPEL release package that matches your OS major version, 7 or 8):
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    sudo yum install -y letsencrypt

2a. Generate the certificate (command):
    cd /etc/letsencrypt/ && certbot certonly -d 'itayemi.com,*.itayemi.com' --manual

– NOTE: the certbot command prompts you to create a DNS TXT record (you MUST do this before pressing the Enter key to continue!!)
———————————————————————

Please deploy a DNS TXT record under the name
_acme-challenge.itayemi.com with the following value:

obLL0Cludw4VpwXJuMG0AFlRryUbdb0ozHiNrgAvqx8

Before continuing, verify the record is deployed.
———————————————————————

2b. In cPanel, use “Zone Editor” in the “Domains” section to add the TXT record (e.g., _acme-challenge.itayemi.com) with the displayed value (e.g., obLL0Cludw4VpwXJuMG0AFlRryUbdb0ozHiNrgAvqx8)
———————————————————————

2c. In the Linux session, press the Enter key to continue

2d. You are prompted to create a file on your webserver (or website). You MUST do so before pressing the ENTER key to continue:
———————————————————————

Create a file containing just this data:

AKJdNT8vtAwQefuoBWItTxj9-n5K947LhmHPWdTWl0s.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc

And make it available on your web server at this URL:

http://itayemi.com/.well-known/acme-challenge/AKJdNT8vtAwQefuoBWItTxj9-n5K947LhmHPWdTWl0s
———————————————————————

2e. In cPanel, use the “File Editor” in the “Files” section to create the indicated file (e.g., http://itayemi.com/.well-known/acme-challenge/vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk) with the indicated content (e.g., vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc)

  • the file is in directory /home2/itayemi/public_html/.well-known/acme-challenge/
  • use the “+File” link to the top left of the “File Manager” page to add the new file
  • then click on the file, and select the “Edit” button to edit the file to add the content,
  • then click the “Save Changes” button, then the “Close” button

———————————————————————


2f. In the Linux session, press the Enter key to continue. The process will complete and display the certificate details, e.g.:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/itayemi.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/itayemi.com/privkey.pem
    Your certificate will expire on 2021-09-11. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run “certbot renew”

In cPanel, for each domain/FQDN, select the “Update Certificate” link under the “Actions” column, populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/itayemi.com/cert.pem on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/itayemi.com/privkey.pem, then click the “Install Certificate” button.

———————————————————————
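
The checks for steps 2b and 2e can be scripted so that Enter is only pressed once both challenge responses are visible from outside. This is an added example, not part of the original post; the function names are made up here, and it assumes dig and curl are installed.

```sh
#!/bin/sh
# Pre-flight checks for certbot's --manual prompts (added example).
# Function names are illustrative; dig and curl are assumed to be installed.

# txt_has_value EXPECTED: reads `dig +short TXT` output on stdin and succeeds
# only if one record, with its surrounding quotes stripped, equals EXPECTED.
txt_has_value() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}; line=${line%\"}
        [ "$line" = "$1" ] && return 0
    done
    return 1
}

# keyauth_matches_url URL BODY: the challenge file must contain
# "<token>.<thumbprint>", where <token> is the last path segment of the URL.
# Catches pasting the content of one prompt into the file of another.
keyauth_matches_url() {
    token=${1##*/}
    thumb=${2#"$token".}
    [ "$thumb" != "$2" ] || return 1        # body does not start with "<token>."
    case "$thumb" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;    # empty, or stray whitespace/HTML
    esac
    return 0
}

# preflight NAME TXT_VALUE URL BODY: live checks against DNS and the web server.
# dig asks the default resolver, which may lag behind the zone editor.
preflight() {
    dig +short TXT "$1" | txt_has_value "$2" ||
        { echo "TXT record not visible yet: $1" >&2; return 1; }
    keyauth_matches_url "$3" "$4" ||
        { echo "file content does not belong to this URL" >&2; return 1; }
    [ "$(curl -fsS "$3")" = "$4" ] ||
        { echo "web server is not serving the expected content" >&2; return 1; }
    echo "challenge responses are in place"
}

# Runs only when given the four values certbot printed:
#   sh preflight.sh _acme-challenge.itayemi.com <TXT value> <URL> <file content>
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```
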


IMPORTANT NOTES:

  • I then installed a root crontab entry to renew the certificates every 90 days

# crontab -l
# autorenew certificates for *.itayemi.com which should generate new
# valid certificates every 3 months. Note that I still have to log in
# to itayemi.com cpanel and update the CRT and Private key fields of each
# defined FQDN with the new certificate generated by certbot
# i.e., cert.pem and privkey.pem
45 2,9,16 1,5,10,15,25,30 * * cd /etc/letsencrypt/ && certbot renew

  • INSTALLING THE LETSENCRYPT Certificate in cPanel:
  • Log in to hihostnow.com.ng (Client Area) -> Select “Services” -> “My Services” from the menu
  • Click on the “Status” button to the right of the target service e.g., itayemi.com
  • Expand the “Actions” menu (left-side of page) and click on “Login to cPanel”
  • In itayemi.com cpanel, select “SSL/TLS” (under the “Security” section)
  • Select “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS) – Manage SSL sites”
  • For each listed FQDN/certificate row, select the “Update Certificate” link under the “Actions” column; populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/itayemi.com/cert.pem on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/itayemi.com/privkey.pem, then click the “Install Certificate” button.
