{"id":545,"date":"2019-02-03T09:12:40","date_gmt":"2019-02-03T09:12:40","guid":{"rendered":"http:\/\/www.tinone71.com\/?p=545"},"modified":"2022-03-19T13:53:42","modified_gmt":"2022-03-19T12:53:42","slug":"generate-ssl-certificates-with-letsencrypt-on-debian-linux","status":"publish","type":"post","link":"https:\/\/www.tinone71.com\/wp\/?p=545","title":{"rendered":"Generate SSL Certificates With LetsEncrypt on Debian Linux"},"content":{"rendered":"<div style=\"\" class=\"ssag-opads-main     \" ><\/div>\n<pre class=\"wp-block-preformatted\">thanks to linuxconf.org for article.<br><br>Introduction<br>In case you haven't realized already, encryption is important. For the web, that means using SSL certificates to secure web traffic. Recently, Mozilla and Google have gone as far as to mark sites without SSL certificates as insecure in Firefox and Chrome.&nbsp;<br><br><br><br>In order to bring the Web up to speed with encryption, the Linux Foundation along with the Electronic Frontier Foundation and many others created LetsEncrypt. LetsEncrypt is a project designed to allow users access to free SSL certificates for their websites. To date, LetsEncrypt has issued millions of certificates and is a resounding success.&nbsp;<br><br>Making use of LetsEncrypt is easy on Debian, especially when using the Certbot utility from the EFF.Operating System<br><strong>OS<\/strong>: Debian Linux<br><strong>Version<\/strong>: 9 (Stretch)<br>Installing for Apache<br>Certbot has a specialized installer for the Apache server. Debian has this installer available in its repositories.# apt install python-certbot-apache<br>The package provides the&nbsp;<code>certbot<\/code>&nbsp;command. The Apache plugin interfaces with the Apache server to discover information about your configurations and the domains that it is generating certificates for. As a result, generating your certificates requires only a short command.# certbot --apache<br>Certbot will generate your certificates and configure Apache to use them.<br><br>&nbsp;<br><br>Auto-Renew with Cron<br>Whether you're using Apache or Nginx, you will need to renew your certificates. Remembering to do so can be a pain, and you definitely don't want them to lapse. The best way to handle renewing your certificates is to create a cron job that runs twice a day. Twice daily renewals are recommended because they guard against certificates lapsing due to revocation, which can happen from time to time. To be clear, though, they don't actually renew each time. The utility check if the certs are out of date or will be within thirty days. It will only renew them if they meet the criteria.&nbsp;<br><br>First, create a simple script that runs Certbot's renewal utility. It's probably a good idea to put it in your user's home directory or a scripts directory so it doesn't get served.#! \/bin\/bash certbot renew -q <br>Don't forget to make the script executable too.$ chmod +x renew-certs.sh<br>Now, you can add the script as a cron job. Open up your crontab and add the script.# crontab -e<br>* 3,15 * * * \/home\/user\/renew-certs.sh<br>Once you exit, the script should run every day at 3 a.m. and 3 p.m. by the server's clock.Closing Thoughts<br>Encrypting your web server protects both your guests as well as yourself. Encryption will also continue to play a role in which sites are displayed in browsers, and it's not much of a stretch to assume that it will also play a role in SEO. Any way you look at it, encrypting your web server is a good idea, and LetsEncrypt is the easiest way to do it.<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>thanks to linuxconf.org for article.IntroductionIn case you haven&#8217;t realized already, encryption is important. For the web, that means<\/p>\n","protected":false},"author":1,"featured_media":1005,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[11,3],"tags":[26,25],"_links":{"self":[{"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/545"}],"collection":[{"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=545"}],"version-history":[{"count":3,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/545\/revisions"}],"predecessor-version":[{"id":549,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/545\/revisions\/549"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=\/wp\/v2\/media\/1005"}],"wp:attachment":[{"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tinone71.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}