Tutorial Simple way to get free ssl ceritficates to your website for lifetime in Debian 8 (Jessie) both apache , NGINX

luckyhemanth

Member
Joined
Jun 6, 2017
Messages
33
Points
37
Location
R4P3 HQ
If you are using apache follow these steps.if you are using NGINX scroll below.

Installing ssl certificates is important to get urself a green lock :p
-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install python-certbot-apache -t jessie-backports
5) sudo nano /etc/apache2/sites-available/000-default.conf

->now here fill it like this
<VirtualHost *:80>
. . .
ServerName yourdomain.com
ServerAlias www.yourdomain.com
. . .
</VirtualHost>

type the commands in the ssh as root
6) sudo systemctl restart apache2
7) sudo certbot --apache

-> to get those certificates for life time u have to do a simple process
8) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
-> save the file by pressing "F2" then press "Y" then hit Enter key
9) service apache2 restart




If you are using NGINX follow the below steps:

-> login to ssh as root
->type the following commands in the same order..
1) apt-get install sudo
2) echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) sudo apt-get update
4) sudo apt-get install certbot -t jessie-backports

To ensure that the directory is accessible to Let's Encrypt for validation, let's make a quick change to our Nginx configuration. By default, it's located at /etc/nginx/sites-available/default. We'll use nano to edit it:

5) sudo nano /etc/nginx/sites-available/default

Inside the server block, add this location block:

location ~ /.well-known {
allow all;
}


type the commands in the ssh as root
6) sudo systemctl restart nginx

in the next step use your website domain in place of example.com
7) sudo certbot certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com

After certbot initializes, you will be prompted to enter your email and agree to the Let's Encrypt terms of service. Afterwards, the challenge will run. If everything was successful, you should see an output message that looks something like this:

Output:IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2017-09-05. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

You will want to note the path and expiration date of your certificate, which was highlighted in the example output.

Before we go any further, let's back up our current server block file:

8) sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak

Now, open the server block file to make adjustments:
9) sudo nano /etc/nginx/sites-available/default

in that doc fill it like this "server_name example.com www.example.com " in this line example.com is your domain

server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;

. . .

Save and close the file when you are finished.

10) sudo systemctl restart nginx

-> to get those certificates for life time u have to do a simple process
11) sudo crontab -e
choose 1 st option
Include the following content at the end of the crontab, all in one line

30 2 * * * /usr/bin/certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log

-> save the file by pressing "F2" then press "Y" then hit Enter key
12) sudo systemctl restart nginx


done njoy your lifetime ssl certificates :)
hit like if you like this tutorial
 
Last edited:

fyfywka

Contributor
Joined
Sep 10, 2015
Messages
110
Points
103
Location
Headquarters KGB
I use nginx + letsencrypt
cron:
30 5 * * 1 sudo letsencrypt renew
35 5 * * 1 sudo service nginx reload
 

luckyhemanth

Member
Joined
Jun 6, 2017
Messages
33
Points
37
Location
R4P3 HQ
but in this tut you will get certs for lifetime :) . But its a lil bit hard for nginx users compared to apache2 users ;)
 

Top