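Manually generating a Let's Encrypt certificate
This approach is useful when you don't want to disrupt the current production server: the certonly subcommand obtains the certificate but does not install it into the Apache configuration.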
mkdir /opt/letsencrypt
cd /opt/letsencrypt
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo ./certbot-auto --apache certonly
A sample run follows:
[root@687elmp01 letsencrypt]# sudo ./certbot-auto --apache certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): me@example.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.com
2: api.example.com
3: manage.example.com
4: new.example.com
5: api.new.example.com
6: manage.new.example.com
7: www.example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 7
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/example.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/example.com/privkey.pem
 Your cert will expire on 2018-08-29. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot-auto
 again. To non-interactively renew *all* of your certificates, run
 "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le
More details are at https://certbot.eff.org/lets-encrypt/centos6-apache.html
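
Because certonly leaves the web server configuration to you, it is worth checking the saved files before pointing Apache at them. The following is an added example, not part of the original post or of Certbot: a POSIX shell check that the certificate covers the names selected in the run, that privkey.pem belongs to it, and that it is not close to expiry. The function names and the day threshold are assumptions, and the openssl command-line tool is required.

```shell
#!/bin/sh
# Added example: post-issuance checks for the files a certonly run saves.
# Function names and the day threshold are assumptions, not Certbot features.

# Print the DNS names in the leaf certificate's subjectAltName, one per line.
# openssl x509 reads only the first certificate in fullchain.pem (the leaf).
cert_names() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the private key's public half equals the certificate's.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_issued LIVE_DIR MIN_DAYS NAME...
# Returns non-zero and prints one line per problem found.
check_issued() {
    dir=$1; min_days=$2; shift 2
    cert="$dir/fullchain.pem"; key="$dir/privkey.pem"; rc=0
    names=$(cert_names "$cert")
    for n in "$@"; do            # exact match only; wildcards not expanded
        printf '%s\n' "$names" | grep -qxF "$n" ||
            { echo "MISSING name: $n"; rc=1; }
    done
    key_matches_cert "$cert" "$key" ||
        { echo "KEY MISMATCH: $key"; rc=1; }
    # -checkend exits non-zero if the cert expires within the given seconds
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "EXPIRES within $min_days days"; rc=1; }
    return $rc
}

# Usage with the names and path from the sample run above:
#   check_issued /etc/letsencrypt/live/example.com 30 example.com www.example.com
```

The live directory is readable only by root on a default Certbot install, so run the check with the same privileges used for certbot-auto.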