Let's Encrypt

What is Let's Encrypt?


One of the most popular ways to secure a website today is to use Let's Encrypt SSL certificates, which are free. This tutorial walks you through installing and using Let's Encrypt certificates on a Rocky Linux server.

How to generate Let's Encrypt certificates?


Step 1

Install the certbot package along with the certbot-dns-dynudns plugin.

dnf update -y
dnf install python39 -y
python3.9 --version
pip3 --version

pip3 install --upgrade certbot
pip3 install --upgrade certbot-dns-dynudns

Step 2

The certbot-dns-dynudns plugin allows certbot to create the TXT record required for domain validation. Create the credentials file that certbot-dns-dynudns will use to authenticate against the Dynu API with your API key. The credentials file (e.g. ~/dynu-credentials.ini) should look like this:

dns_dynu_auth_token = df8321c6fZ7bV1C63cU24YeYd435a67g

Step 3

Use certbot to generate the SSL certificate. The following command will generate a set of prompts which you will need to answer.

certbot --authenticator dns-dynu --dns-dynu-credentials ~/dynu-credentials.ini certonly

The first prompt expects an email address for important information including renewal notifications.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): name@yourdomain.com

The next prompt asks you to review and accept the terms of service. Answer 'Y' to continue after you have reviewed the terms of service.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

The next prompt is for the domain name of the SSL certificate.

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): yourdomain.com

Certbot will communicate with Let's Encrypt as well as Dynu to generate the SSL certificate.

Requesting a certificate for yourdomain.com
Waiting 60 seconds for DNS changes to propagate
 
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2024-12-08.
These files will be updated when the certificate renews.
 
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
* Donating to EFF:                    https://eff.org/donate-le
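
The credentials file from Step 2 holds an API token that lets its holder create DNS records for the domain, so it should be readable only by the account that runs certbot. The shell functions below are an added example, not part of the original tutorial or of certbot: `create_credentials` and `audit_credentials` are hypothetical helper names, the token is a constructed value, and GNU `stat` (as on Rocky Linux) is assumed.

```shell
# Added example: create and audit the certbot DNS credentials file.
# Helper names are hypothetical; they are not certbot or plugin commands.

# Write the file under a restrictive umask so it is never group/world-readable.
create_credentials() {
    local file="$1" token="$2"
    ( umask 077 && printf 'dns_dynu_auth_token = %s\n' "$token" > "$file" )
    chmod 600 "$file"   # also tightens a file that already existed
}

# Return 0 if the file is safe to hand to certbot, 1 otherwise.
audit_credentials() {
    local file="$1" rc=0 mode owner
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file")    # octal permission bits, e.g. 600
    owner=$(stat -c '%u' "$file")   # numeric owner uid

    # Any group/other bit means other local accounts can read the token.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "unsafe mode $mode on $file (expected 600)" >&2
        rc=1
    fi
    # The file should belong to the account that runs certbot.
    if [ "$owner" != "$(id -u)" ]; then
        echo "$file is owned by uid $owner, not $(id -u)" >&2
        rc=1
    fi
    # The key name used in the tutorial's file must be present with a value.
    if ! grep -Eq '^[[:space:]]*dns_dynu_auth_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file"; then
        echo "dns_dynu_auth_token is not set in $file" >&2
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed token in a temporary directory.
demo_dir=$(mktemp -d)
create_credentials "$demo_dir/dynu-credentials.ini" "CONSTRUCTED-EXAMPLE-TOKEN"
audit_credentials "$demo_dir/dynu-credentials.ini" && echo "credentials file OK"
rm -rf "$demo_dir"
```

Running `audit_credentials ~/dynu-credentials.ini` before the certbot command in Step 3 catches a token file left with default permissions.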
