Tag Archives: expiry

Using Let’s encrypt SSL certificates

Posted on by
Reply

Letsencrypt certificates are only valid for 90 days so you have to continually renew them.

– Install letsencrypt (certbot)
# sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# sudo yum install -y letsencrypt

- Generate initial certificate for the domain interactively
# certbot certonly -d 'itayemi.com,*.itayemi.com' --manual

————- output truncated by me ——————-

Please deploy a DNS TXT record under the name
_acme-challenge.itayemi.com with the following value:

w8zN-xGQjCtT8kEOkA-Wt3INaRLZzWmRBXwDnBoEoHs

( – done in cPanel cosole for domain itayemi.com, then press ENTER to continue the certbot setup )
————- output truncated by me ——————-

Create a file containing just this data:

s8yfXSlTZXiFJNR_pd-jKfxJQ06StoCJFSGxDy5oBCM.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc

And make it available on your web server at this URL:

http://itayemi.com/.well-known/acme-challenge/s8yfXSlTZXiFJNR_pd-jKfxJQ06StoCJFSGxDy5oBCM

( – done in cPanel cosole for domain itayemi.com, then press ENTER to continue the certbot setup )
————- output truncated by me ——————-

————- Summary output at the end of the certbot certification creation command ———–

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/itayemi.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/itayemi.com/privkey.pem
    Your certificate will expire on 2022-03-07. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run “certbot renew”

————— End of initial certificate creation for itayemi.com ———–

————— Setting up auto-renewal (doesn’t work) ——————————————

# sudo crontab -e
# sudo crontab -l
# auto renewal for itayemi.com certificate created initially on 12/7/2021
45 2 5 3,6,9,12 * /bin/certbot renew

—————- INSTALLING the letsencrypt certificate in cPanel ————
(repeat every 3 months when the certificate is about to expire. start by generating a new certificate using the “certbot certonly …” command above)
– Copy out the updated files (generated by the “certbot renew” cron job) /etc/letsencrypt/live/itayemi.com/cert.pem and /etc/letsencrypt/live/itayemi.com/privkey.pem from the local server
– Login to hihostnow.com.ng (Client Area) -> Select “Services” -> “My Services” from the menu
– Click on the “Status” button to the right of the target service e.g., itayemi.com
– Expand the “Actions” menu (left-side of page) and click on “Login to cPanel”
– In itayemi.com cPanel, select “SSL/TLS” (under the “Security” section)
– Select “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS) – Manage SSL sites”
– For each listed FQDNs/certificate row, select the “Update Certificate” link under the “Actions” column; populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/itayemi.com/cert.pem on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/itayemi.com/privkey.pem, then click the “Install Certificate” button.