Running Let’s Encrypt under Apache (on AWS)
One-off command:
sudo yum install certbot-apache
Move existing SSL config out of the way:
sudo mkdir ../conf.off
sudo mv ssl.conf ../conf.off/
sudo systemctl restart httpd
Create a certificate:
sudo certbot-2 --apache
Answer the questions, substituting your domain for “YOUR.DOMAIN.COM”:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: YOUR.DOMAIN.COM
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for YOUR.DOMAIN.COM
Performing the following challenges:
http-01 challenge for das.salina.ai
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://YOUR.DOMAIN.COM
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem
Your certificate will expire on 2022-06-14. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
Set up a cron job to renew the certificate via sudo crontab -l
00 06 * * * certbot-2 certonly --apache --domains YOUR.DOMAIN.COM -n
Look in /var/log/letsencrypt for messages.