Letsencrypt is what we use to generate our SSL certificates (allows for HTTPS usage). Below are instructions using certbot to generate your certificates.
Generating Certificates
Each domain has a line as -d domain.com
within the command. You can add more domains by simply adding a listing in that format and executing the command all at once.
Running this command will get a certificate for you and have Certbot edit your Apache (specified with the option “–apache”) configuration automatically to serve it. The option “–redirect” will set the domain to redirect HTTP to HTTPS.
To generate certificates, execute the commands below:
Centos: 8
sudo /usr/local/bin/certbot-auto --apache --redirect -d domain.tld
Centos:
cd /usr/local/letsencrypt && ./letsencrypt-auto --apache --redirect -d example.com -d www.example.com
Ubuntu:
sudo certbot --apache --redirect -d example.com -d www.example.com
Auto Renewal
The packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. Run the command below to execute this (add the option “–dry-run” to test first):
Centos
cd /usr/local/letsencrypt && ./letsencrypt-auto renew
Ubuntu
sudo certbot renew
Deleting Certificates
If you need to delete a certificate, the best way is to use the command below (a manual deletion will not remove the link to that certificate as it is recorded in LetsEncrypt):
Centos
cd /usr/local/letsencrypt && ./certbot-auto delete --cert-name example.com
Ubuntu
sudo certbot delete --cert-name example.com