Run this command on the command line on the machine to install Certbot.
sudo dnf install certbot certbot-apache
[root@systemq06 ~]# find / -name certbot /etc/sysconfig/certbot /usr/share/licenses/certbot /usr/share/doc/certbot /usr/bin/certbot /usr/lib/python3.7/site-packages/certbot
# Automated renewal of certificates The Fedora certbot package includes an optional systemd timer to handle renewals. This timer is set to run daily, with a random fudge factor of a 6 hours applied. To enable the timer based renewals: ``` systemctl enable --now certbot-renew.timer ``` The timer makes use of /etc/sysconfig/certbot to customise the behaviour. Unless there is a plugin that automates restarts (eg the apache plugin) it is important to configure a command to restart anything that uses the certificates
https://letsencrypt.org/sv/getting-started/
https://certbot.eff.org/
https://certbot.eff.org/lets-encrypt/fedora-apache
Install Certbot
sudo certbot --apache
blank to select all options shown (Enter 'c' to cancel): 3,5,4,6
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.qwert.se/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.qwert.se/privkey.pem
Your cert will expire on 2020-05-11. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
Efter 2020-10-05
[root@systemq06 8.3]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: bk26.se
2: wm.cyberstore.se
3: bridge.ggplus.se
4: matrikel.ggplus.se
5: bridge.klevefors.se
6: www.qwert.se
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.qwert.se.conf)
It contains these names: bridge.ggplus.se, bridge.klevefors.se,
matrikel.ggplus.se, www.qwert.se
You requested these names for the new certificate: bk26.se, wm.cyberstore.se,
bridge.ggplus.se, matrikel.ggplus.se, bridge.klevefors.se, www.qwert.se.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bk26.se
http-01 challenge for bridge.ggplus.se
http-01 challenge for bridge.klevefors.se
http-01 challenge for matrikel.ggplus.se
http-01 challenge for wm.cyberstore.se
http-01 challenge for www.qwert.se
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/bk26.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/bk26.se-le-ssl.conf
Created an SSL vhost at /etc/httpd/conf.d/wm.cyberstore.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/wm.cyberstore.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/bridge.ggplus.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/matrikel.ggplus.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/bridge.klevefors.se-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/www.qwert.se-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/httpd/conf.d/bk26.se.conf to ssl vhost in /etc/httpd/conf.d/bk26.se-le-ssl.conf
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/httpd/conf.d/wm.cyberstore.se.conf to ssl vhost in /etc/httpd/conf.d/wm.cyberstore.se-le-ssl.conf
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/httpd/conf.d/bridge.ggplus.se.conf to ssl vhost in /etc/httpd/conf.d/bridge.ggplus.se-le-ssl.conf
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/httpd/conf.d/matrikel.ggplus.se.conf to ssl vhost in /etc/httpd/conf.d/matrikel.ggplus.se-le-ssl.conf
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.
Redirecting vhost in /etc/httpd/conf.d/bridge.klevefors.se.conf to ssl vhost in /etc/httpd/conf.d/bridge.klevefors.se-le-ssl.conf
Enhancement redirect was already set.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://bk26.se,
https://wm.cyberstore.se, https://bridge.ggplus.se, https://matrikel.ggplus.se,
https://bridge.klevefors.se, and https://www.qwert.se
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=bk26.se
https://www.ssllabs.com/ssltest/analyze.html?d=wm.cyberstore.se
https://www.ssllabs.com/ssltest/analyze.html?d=bridge.ggplus.se
https://www.ssllabs.com/ssltest/analyze.html?d=matrikel.ggplus.se
https://www.ssllabs.com/ssltest/analyze.html?d=bridge.klevefors.se
https://www.ssllabs.com/ssltest/analyze.html?d=www.qwert.se
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.qwert.se/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.qwert.se/privkey.pem
Your cert will expire on 2021-01-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le