
Let's Encrypt with Certbot

1. Introduction

This post introduces how to serve your website over HTTPS using certificates from Let's Encrypt, obtained with Certbot.

All the steps are based on CentOS/RHEL (Red Hat Enterprise Linux).

2. Environment Requirements

  • OS: CentOS/RHEL
  • Packages: certbot (Optional: certbot-dns-cloudflare)
  • HostName: example.com

3. Install Certbot

Install certbot on your system with dnf package manager:

sudo dnf install python3-certbot

If you wish to use the dns-01 challenge (Cloudflare is used as the example here), also install the certbot-dns-cloudflare plugin:

sudo dnf install python3-certbot-dns-cloudflare

4. Steps to Encrypt Sites

(1). A/AAAA Record Setting

Make sure the A (IPv4) and/or AAAA (IPv6) record of your hostname points to your host's IP address.

(2). Config Firewall

Allow inbound TCP port 80 on your host, which the http-01 challenge uses:

sudo firewall-cmd --add-port=80/tcp

(3). Issuing SSL Certificates with Certbot

Use the following command to issue an SSL certificate from Let's Encrypt:

sudo certbot certonly -d example.com

The private key and the certificate (which carries the public key) will be stored in the folder /etc/letsencrypt/live/example.com/.

(4). Config Your Site with SSL Certificates

Configuring the web server itself is not the focus of this post; the configuration varies with the web server used, so please refer to its documentation or other resources online.

Optional-1. Config Nginx with Certbot automatically

If you are using Nginx, it is more convenient to use the --nginx plugin. Replace the command in step (3) with the following (without certonly, so that Certbot both obtains the certificate and installs it into Nginx):

sudo certbot -d example.com --nginx

Certbot will then edit the Nginx configuration for the site, located in /etc/nginx/conf.d/example.com.conf.

Optional-2. Issue with dns-01

The dns_cloudflare plugin automates the process of completing a dns-01 challenge (DNS01) by creating, and subsequently removing, TXT records using the Cloudflare API.

The following command will do this operation:

sudo certbot certonly \
    --dns-cloudflare \
    --dns-cloudflare-credentials ~/PATH_TO_CF_KEY/cf_key.txt \
    -d example.com

Here cf_key.txt contains either a Cloudflare API token, or your account email together with the Global API Key. The two layouts are shown below (use one or the other, not both):

# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = cloudflare@example.com
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234
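To catch the two mistakes that most often break this step (pairing the email with the wrong key name, and a credentials file that other users on the host can read), here is a small pre-flight check. It is an added example, not code from the original post or from Certbot; the file contents it tests are constructed, and the 40/37-character sample values are only placeholders.

```python
# Added example (not from the original post or certbot): pre-flight check for
# the cf_key.txt file above. Accepts the two documented layouts (API token, or
# email + Global API Key), rejects the email/api_token mix-up, flags loose modes.
import os, stat, tempfile

TOKEN_KEYS = {"dns_cloudflare_api_token"}
GLOBAL_KEYS = {"dns_cloudflare_email", "dns_cloudflare_api_key"}

def parse_credentials(text):
    """Parse certbot's `key = value` lines; '#' lines and blanks are skipped."""
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        creds[key.strip()] = value.strip()
    return creds

def check_credentials(path):
    """Return a list of problems; an empty list means the file is usable."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {oct(mode)} allows group/other access; use chmod 600")
    with open(path, encoding="utf-8") as fh:
        creds = parse_credentials(fh.read())
    keys = set(creds)
    if keys in (TOKEN_KEYS, GLOBAL_KEYS):
        problems.extend(f"{k} is empty" for k, v in creds.items() if not v)
    elif keys == {"dns_cloudflare_email", "dns_cloudflare_api_token"}:
        problems.append("email is paired with api_token; the Global API Key "
                        "layout needs dns_cloudflare_api_key")
    else:
        problems.append(f"unexpected key set: {sorted(keys)}")
    return problems

def write_and_check(text, mode=0o600):
    # Write constructed contents to a temp file with the given mode, check it, clean up.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    problems = check_credentials(path)
    os.unlink(path)
    return problems
```

Run check_credentials on the real cf_key.txt before invoking certbot; an empty list means both the layout and the file mode are acceptable.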
