What is Let's Encrypt?
One of the most popular ways to secure a website today is to use Let's Encrypt SSL certificates, which are free. This tutorial walks you through installing and using Let's Encrypt certificates on a Rocky Linux server.
How to generate Let's Encrypt certificates?
Step 1
Install the certbot package along with the certbot-dns-dynudns plugin.
dnf update -y
dnf install python39 -y
python3.9 --version
pip3 --version
pip3 install --upgrade certbot
pip3 install --upgrade certbot-dns-dynudns
Step 2
The certbot-dns-dynudns plugin allows certbot to create the TXT record needed for domain validation. Create the credentials file that certbot-dns-dynudns will use to authenticate against the Dynu API with your API key. The credentials file (e.g. ~/dynu-credentials.ini) should look like this:
dns_dynu_auth_token = df8321c6fZ7bV1C63cU24YeYd435a67g
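The credentials file holds the Dynu API key in plain text, so it should be readable only by the account that runs certbot. The following is an added example, not part of the original tutorial or the plugin's own code; the function names write_dynu_credentials and check_dynu_credentials are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: create and audit the Dynu credentials file from Step 2.
# Function names are hypothetical; pass your own API key as the token.

# Write the file so it is never readable by group/other, not even for
# the instant between creation and chmod.
write_dynu_credentials() {
    local file="$1" token="$2"
    (
        umask 077
        printf 'dns_dynu_auth_token = %s\n' "$token" > "$file"
    )
    chmod 600 "$file"   # also tightens a file that already existed
}

# Return 0 if the file is safe to hand to certbot, 1 otherwise.
check_dynu_credentials() {
    local file="$1" mode
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or is a symlink" >&2; return 1
    fi
    if [ ! -O "$file" ]; then
        echo "FAIL: $file is not owned by the current user" >&2; return 1
    fi
    mode=$(stat -c '%a' "$file")    # GNU stat, as shipped on Rocky Linux
    # Any group or other permission bit exposes the API key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $mode, expected 600 or stricter" >&2; return 1
    fi
    if ! grep -Eq '^[[:space:]]*dns_dynu_auth_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file"; then
        echo "FAIL: no dns_dynu_auth_token entry in $file" >&2; return 1
    fi
    echo "OK: $file (mode $mode)"
}
```

Source the script and run check_dynu_credentials ~/dynu-credentials.ini before the certbot command in Step 3.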
Step 3
Use certbot to generate the SSL certificate. The following command will generate a set of prompts which you will need to answer.
certbot --authenticator dns-dynu --dns-dynu-credentials ~/dynu-credentials.ini certonly
The first prompt expects an email address for important information including renewal notifications.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): name@yourdomain.com
The next prompt asks you to review and accept the terms of service. Answer 'Y' to continue after you have reviewed the terms of service.
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
The next prompt is for the domain name of the SSL certificate.
Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com
Certbot will communicate with Let's Encrypt as well as Dynu to generate the SSL certificate.
Requesting a certificate for yourdomain.com
Waiting 60 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2024-12-08.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le