Oracle Linux 8 install certbot

certbot.noarch on Oracle Linux 8

This guide covers the steps necessary to install certbot.noarch package:

2. Uninstall / Remove certbot.noarch package

Learn how to uninstall certbot.noarch package:

3. Details of certbot.noarch package

Last metadata expiration check: 2:50:38 ago on Mon Sep 12 02:51:38 2022.
Available Packages
Name : certbot
Version : 1.22.0
Release : 1.el8
Architecture : noarch
Size : 54 k
Source : certbot-1.22.0-1.el8.src.rpm
Repository : epel
Summary : A free, automated certificate authority client
URL : https://pypi.python.org/pypi/certbot
License : ASL 2.0
Description : certbot is a free, automated certificate authority that aims
: to lower the barriers to entry for encrypting all HTTP traffic on the internet.

Let’s Encrypt — Free Certificates on Oracle Linux (CertBot)

Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides digital certificates to enable HTTPS (SSL/TLS) for websites, for free! There are some things to note when using this service.

  • The certificates expire after 3 months, so you need to keep renewing them. This can easily be automated using CertBot.
  • If you are planning to use CertBot, the web server must be publicly visible, as Let’s Encrypt use a challenge mechanism to check you are the administrator of the site. It is also possible to have a private server, with a public DNS entry.
  • There are sites on the net, like SSLForFree, that will help you manually generate certificates for web servers that are not publicly visible, but if you use them you will be responsible for manually changing the certificate every 3 months.

This article shows you how to use Let’s Encrypt to get free certificates for publicly facing web servers. This article uses Oracle Linux 7 as an example, but the process is similar in Oracle Linux 6 also.

Installation

The commands in this section need to be run as the "root" user. If you are not the "root" user, add "sudo " in front of every command to run them from your admin user.

For OL7 you will need to enable the "Optional" repository.

# OL7
yum install -y yum-utils
yum-config-manager --enable ol7_optional_latest

Enable the EPEL repository for your Oracle Linux version. If you want to use the Oracle Linux repository for this, issue the following command.

# OL7
yum-config-manager --enable ol7_developer_EPEL

# OL8
dnf install -y oracle-epel-release-el8

Alternatively, use the official EPEL release.

# OL7
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh /tmp/epel-release-latest-7.noarch.rpm

# OL8
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
rpm -Uvh /tmp/epel-release-latest-8.noarch.rpm

Install snap. You can get full instructions here.

# OL7
yum install -y snapd
systemctl enable --now snapd.socket
systemctl start snapd
ln -s /var/lib/snapd/snap /snap

# OL8
dnf install -y snapd
systemctl enable --now snapd.socket
systemctl start snapd
ln -s /var/lib/snapd/snap /snap

snap install core
snap refresh core

snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

Generate New Certificates

Depending on the operating system, web server and client being used, there may be a command that will automatically download and install the certificate for you. I prefer to do the configuration myself, so the examples below just download a new certificate. They assume you already have the servers running and publicly visible.

# For Apache:
/usr/bin/certbot certonly --webroot -w /var/www/html --email root@example.com -d example.com -d www.example.com

# For Tomcat:
/usr/bin/certbot certonly --webroot -w $CATALINA_HOME/webapps/ROOT --email root@example.com -d example.com -d www.example.com

We have had to provide several bits of information.

  • --webroot : The utility will create a new path under the webroot path called ".well-known/acme-challenge", which contains two automatically generated challenge files. When you request the certificates, Let's Encrypt checks the challenge files to make sure you are requesting the certificates for your own web server.
  • --email : The email address of the web server administrator.
  • -d : The domain name you are requesting the certificate for. It makes sense to get the base domain and the "www." subdomain. You can also request additional subdomains, but all must be part of the same top-level domain.

The first time you run this command it will install any dependencies using Yum, which is why you need to make sure the correct repositories are enabled in the previous section. It will also ask you to agree to the terms and conditions.

Once complete you will have a new directory structure created under "/etc/letsencrypt". If you are handling multiple domains from your web server you can make multiple requests, one per domain. You will then see additional domain-specific subdirectories under the "archive" and "live" directories.

/etc/letsencrypt/csr
/etc/letsencrypt/archive/example.com
/etc/letsencrypt/renewal
/etc/letsencrypt/live/example.com
/etc/letsencrypt/live
/etc/letsencrypt/keys
/etc/letsencrypt/accounts

You will also find logs under the following directory.

Configure Apache

The latest certificate for "example.com" will always be under the "/etc/letsencrypt/live/example.com" directory. The certificate entries in your Apache "httpd.conf" file should reference that location, as shown in the example below.

ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/example.com-error_log
CustomLog /var/log/httpd/example.com-access_log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/example.com/chain.pem

Configure Tomcat

You can read how to configure Tomcat to use HTTPS here. This example uses the certificates generated by CertBot.

Configure NGINX

The latest certificate for "example.com" will always be under the "/etc/letsencrypt/live/example.com" directory. The certificate entries in your site-specific configuration file under the "/etc/nginx/conf.d" directory should reference that location, as shown in the example below.

Renew Certificates

Running the following command will renew any certificates that are due for renewal.

To run in silent mode do the following.

/usr/bin/certbot renew --quiet

Use "--post-hook" to run a command if any certificates were replaced. In the example below Apache is restarted if any certificates are renewed.

/usr/bin/certbot renew --quiet --post-hook "systemctl restart httpd"

Adding the following to the crontab will attempt to renew the certificates at 22:00 every day. If a certificate is renewed, Apache will be restarted.

0 22 * * * /usr/bin/certbot renew --quiet --post-hook "systemctl restart httpd"

Hope this helps. Regards Tim.

Created: 2017-01-22 Updated: 2021-09-03

How to Install Let’s Encrypt on Oracle Linux

Securing your website with an SSL certificate is essential in today’s online world. In this guide, we will show you how to install Let’s Encrypt on Oracle Linux to obtain a free SSL certificate for your domain. Let’s Encrypt is a popular Certificate Authority (CA) that provides free SSL certificates for websites, making it easier and more affordable for website owners to secure their sites.

Prerequisites

Before we begin, make sure you have the following:

  1. An Oracle Linux server with root access
  2. A registered domain name
  3. A web server installed (Apache or Nginx)
  4. Python installed on your server

Installing Certbot on Oracle Linux

Certbot is the official Let’s Encrypt client that simplifies the process of obtaining and renewing SSL certificates. To install Certbot, run the following commands:

sudo yum install -y epel-release
sudo yum install -y certbot

Install the Web Server Plugin

Certbot supports both Apache and Nginx. Depending on the web server you’re using, you need to install the corresponding plugin. If you’re using Apache, run the following command:

sudo yum install -y python2-certbot-apache

For Nginx, run this command:

sudo yum install -y python2-certbot-nginx

Obtain an SSL Certificate

Now that Certbot and the necessary plugin are installed, it’s time to obtain an SSL certificate. If you’re using Apache, run the following command:

sudo certbot --apache -d example.com -d www.example.com

Replace example.com and www.example.com with your domain name and its www subdomain.

If you’re using Nginx, use this command instead:

sudo certbot --nginx -d example.com -d www.example.com

Certbot will ask for your email address to register your account and send notifications about certificate expiration. It will also ask if you want to share your email with the Electronic Frontier Foundation (EFF). After that, it will automatically configure your web server to use the newly obtained SSL certificate.

Verify the Let’s Encrypt SSL Certificate

To confirm that your SSL certificate is correctly installed and working, visit your website using HTTPS (e.g., https://example.com ). You should see a padlock icon in the address bar, indicating that the connection is secure.

Set Up Let’s Encrypt Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. To avoid manual renewal, set up an automatic renewal process using a cron job. First, open the crontab file:

Add the following line to the file to run the renewal process every day at 3:30 AM:

30 3 * * * /usr/bin/certbot renew --quiet

Save and exit the file. Certbot will now attempt to renew the certificate daily, but it will only perform the renewal if the certificate is less than 30 days away from expiration.
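As an added example (not part of the original articles), the shell functions below check every certificate under a certbot-style "live" directory and flag any that are already inside the 30-day renewal window, which on a host with a working daily cron job means renewal is failing. The function names and exit codes are assumptions of this example; it relies only on "openssl x509 -checkend".

```shell
#!/bin/sh
# Added example: renewal watchdog for certificates issued by certbot.
# Function names and return codes are hypothetical, chosen for this example.

RENEW_WINDOW_DAYS=30   # certbot renews once fewer than 30 days remain

# cert_expires_within PEM DAYS
#   returns 0 if the certificate expires within DAYS days (or has expired),
#           1 if it stays valid for longer,
#           2 if the file is missing or is not a parseable certificate.
cert_expires_within() {
    _pem=$1
    _days=$2
    [ -r "$_pem" ] || return 2
    openssl x509 -in "$_pem" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$_pem" -noout -checkend $((_days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_live_dir LIVE_DIR
#   Inspects LIVE_DIR/<domain>/cert.pem, prints one status line per domain,
#   and returns 1 if any certificate is overdue or unreadable, else 0.
check_live_dir() {
    _live=$1
    _bad=0
    for _cert in "$_live"/*/cert.pem; do
        [ -e "$_cert" ] || continue
        _domain=$(basename "$(dirname "$_cert")")
        _rc=0
        cert_expires_within "$_cert" "$RENEW_WINDOW_DAYS" || _rc=$?
        case $_rc in
            0) echo "WARN $_domain: inside the $RENEW_WINDOW_DAYS-day window, renewal overdue"; _bad=1 ;;
            1) echo "OK   $_domain: $(openssl x509 -in "$_cert" -noout -enddate)" ;;
            *) echo "FAIL $_domain: cert.pem unreadable or not a certificate"; _bad=1 ;;
        esac
    done
    return "$_bad"
}

# Run only when a directory is given, e.g.: sh cert-watch.sh /etc/letsencrypt/live
if [ -n "${1:-}" ]; then
    check_live_dir "$1"
fi
```

Scheduled a few hours after the renewal cron entry, a non-zero exit from this script is a signal to inspect the certbot logs before the certificate actually expires.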

Conclusion

Congratulations! You have successfully installed Let’s Encrypt on your Oracle Linux server and obtained a free SSL certificate for your domain. Now your website is more secure and trustworthy for your visitors.

Remember to keep your server and applications up to date, and always follow best security practices to maintain a secure and reliable web presence. Happy hosting!
