Getting SSL certificates with Certbot

Let’s Encrypt SSL certificates

First of all you must install Certbot; take a look at this article to learn how to install Certbot on your Linux CentOS 7. Once it is installed, Certbot will install free SSL certificates provided by Let’s Encrypt and will also configure the related Apache files, all of that automatically, by just running the following CLI command:

certbot --apache

Prerequisites

We’ve already mentioned that the main prerequisite is to have a live website. Certbot will check that your website actually has a valid domain name; if your website has subdomains, the bot will also get certificates for them.

Website subdomains – Apache CentOS 7

Running Certbot on a LAB

I’m going to show you the first part on my LAB, and the second part on a real website.

The next step cannot be completed in a LAB environment because Certbot performs a live check of your website's domain and its subdomains.

Certbot log

Here you can see the log produced by running certbot on a LAB and cancelling before starting the domain part.

[root@centos7 ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): pepe@argento.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: centos7.local.lab
2: java.centos7.local.lab
3: www.java.centos7.local.lab
4: lamp.centos7.local.lab
5: www.lamp.centos7.local.lab
6: php.centos7.local.lab
7: www.php.centos7.local.lab
8: www.centos7.local.lab
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): c
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

How does Certbot work?

Certbot first searches your server for domains and subdomains, then presents a list of the ones it found, and you choose which of them you want certificates for.
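With the Apache plugin, the names in that list come from the ServerName and ServerAlias directives of your virtual hosts, so you can preview them before running Certbot. The Python script below is an added example, not Certbot's own code and not part of the original article; the sample configuration is constructed from the lab names in the log above, and treating the `.lab` suffix as non-public is an assumption.

```python
import re

# Constructed sample vhost file, modelled on the lab names in the log above.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName centos7.local.lab
    ServerAlias www.centos7.local.lab
</VirtualHost>
<VirtualHost *:80>
    servername php.centos7.local.lab
    ServerAlias www.php.centos7.local.lab *.php.centos7.local.lab
    # ServerAlias old.centos7.local.lab
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.org
</VirtualHost>
"""

# Directive names are case-insensitive; commented-out lines never match.
DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+)$", re.IGNORECASE)
# Special-use TLDs (RFC 6761/6762) plus "lab", assumed here for this page's lab.
NON_PUBLIC_TLDS = {"local", "localhost", "test", "example", "invalid", "lab"}

def vhost_names(conf_text):
    """Return the unique ServerName/ServerAlias values in file order."""
    names = []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        for raw in (m.group(2).split() if m else []):
            # ServerName may carry a scheme and port, e.g. https://host:443
            host = re.sub(r"^[a-z]+://", "", raw.lower()).split(":")[0]
            if host and host not in names:
                names.append(host)
    return names

def classify(name):
    """Say whether a public CA could validate this name with a live check."""
    if "*" in name:
        return "wildcard: needs a DNS challenge"
    labels = name.split(".")
    if len(labels) < 2 or labels[-1] in NON_PUBLIC_TLDS:
        return "not public: the live check cannot pass"
    return "candidate: must resolve publicly to this server"

def report(conf_text):
    return {name: classify(name) for name in vhost_names(conf_text)}

if __name__ == "__main__":
    for name, verdict in report(SAMPLE_CONF).items():
        print(f"{name:28} {verdict}")
```

Every `.local.lab` name is reported as not public, which is why the challenge step cannot be finished on the lab.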

Where to go next?

The next step cannot be performed on a LAB where the domain and subdomains are not really live and only exist on your LAB, because the challenge part won’t pass. For that reason I’m going to show you the second part on a real website; see the following article.