How to Request SSL Certificates with Let's Encrypt and Certbot

Captions
Hello and welcome everybody, my name is Herbert, and in this video we're going to be requesting a Let's Encrypt certificate with certbot. Now before we start, there's a few things you need to make sure that you have in order before you start actually requesting these certificates. First of all, make sure that whatever domain name you need a certificate for is pointing to the server that you're requesting this from. So right now we are going to be requesting a certificate for a domain name and also for a subject alternate name, also known as a SAN, and that SAN is going to be like a secondary domain, or a secondary domain name or subdomain name, that points to that exact same server but also needs to have certificate validation. And a good example of this is, like, yourdomainname.com or www.yourdomainname.com. So we're going to be needing both, because some people still use www., some people just use the domain name to go to a specific web server, so we need to make sure that it's all okay.

Now first of all we're gonna need to install certbot, so let's go ahead and do that. So let's do sudo apt install certbot, and if you're running on a Red Hat based machine you're going to be using a different package manager like yum, but I believe it's just the same, just like sudo yum install certbot. All right, okay, so it's installed now, and now we can actually just run the command.

But first of all, make sure that any service running on port 80 is shut down. So let's say that you're running Apache or something like that, you're gonna need to shut down that service, because that port 80 is in use and we're going to be using the HTTP challenge. You could also use a DNS challenge, but it's a lot more cumbersome to do, like, automatic renewals and things like that. So make sure that you don't have that service running. So you can check that by, for example, uh, if you do a system, systemctl status apache2, for example, we know that Apache 2 isn't running on this machine because I didn't install it. But if you would be running an Apache server or an nginx server or any type of service that's running on port 80, make sure you shut that down first, because otherwise certbot is not going to be able to bind itself to that port, because it's already in use.

With that out of the way, I have the command right here, so we're going to be using the certbot tool that we just installed. So this is a lot to digest, so I'll just go over it real quick. So we're going to be doing sudo certbot, we're going to be requesting certonly, standalone, and then preferred challenges, it's going to be HTTP, and then the domain names will be certificate demo.hurbertcheck.com, this is just like a test domain that I created, and then the second one is going to be www.certificate.demo.herbertech.com. Now what this is going to be doing is it's going to be creating the files, but it's not going to be configuring anything. Now there are ways to do this automatically for, let's say, Apache, but I wanted to make this video like an all-round approach where you can just have the certificates and not have it only be for, like, Apache for example. Um, we're also going to be doing the automatic renewal once we requested this, but for now we're just going to be requesting this certificate, and this shouldn't be any problem, we should be able to just run this.

And now it's going to ask us for an email address. I'm just going to put something random in here. You can put your own email address in here of course, because you'll get email notifications that your certificate is going to expire soon, so that's really, really handy. So for this it's just something, I'll just do test at testing.com. Uh, we'll do yes. Uh, yeah, sure, you can send an email to that email address, nobody's going to read it, but anyway. There we go, that's how long it takes, it's already done.

And have a look at the output here. So we have a certificate file that's saved over here, so that's the fullchain.pem, and then the key is saved at this over here, so that's the private key, and that private key is going to be very important. Basically the certificate is the actual certificate that you see when you visit the website, and it's like, it's still verified, you know, the little lock icon you have over, uh, somewhere, like we did with this project over here, we have this little lock. So this is the actual certificate here, and then the key is going to be that private key, and this should never leave your server. There are some exceptions where you have to move the private key around sometimes, you know, I'm not going to say that it's like a no-go, but generally speaking you should leave that key on the server where it was, uh, where, when you did the request from, right.

And it says over here that this certificate expires on, uh, 2023, 12th of May, and then also it says that certbot has set up a scheduled task to automatically renew this certificate in the background. Now of course you're probably wondering, like, where is this scheduled task, I can't see it anywhere. And usually when you schedule a task you should see it in, like, uh, in, like, the crontab, right. So it should be able to, uh, uh, you should be able to do the crontab -e, and we'll do nano, doesn't really matter, and you should see this, uh, crontab file here, and there should be, like, an extra entry over here. But that's not how certbot does it by, uh, when you install it through apt. Instead, whoops, I, of course, yeah, and, uh, uh, I'm not running in Vim, there we go.

So where you can actually find this, you can just do systemctl list-timers, and then if you go to the right over here we'll see that this certbot.timer is in here, and that activates the certbot.service. And if we go into certbot.service, let's do sudo, oh, let's do systemctl status certbot.service, it should say that it's loaded but it's inactive. So we'll see here what this actually does, so we'll do vim, I'll go into this thing over here, and it will just do this, that's all what it will do. And it's like a one-shot service, so it's not going to be running in the background, but it's actually a service that just runs a certbot renew in the background quietly. And it does this, let's go back here, uh, oops, it does this every six hours or so I believe, so we have six hours left here on the certbot timer. So that's what it actually does, so it's just a one-shot service, it just runs once and it automatically renews your certificates. So that's all you should do. And you could maybe just remove this service or just remove this timer as well, uh, that's a possibility, and you can just use your own crontab file. So, uh, crontab is going to be something that you maybe have a little bit more control over, but, you know, using the systemd timer I think it's already a very good solution.

So that's about it. Now you have your certificate and you have your key, and you can use this for any type of application. I'm using it for an Apache server that I'm running. I kind of like using the certificates by themselves rather than using the automatic Apache configuration of the certbot tool, but, you know, that's personal preference. And also again, like I said in the beginning of the video, this is like an all-round approach, uh, this is something that you can use for any type of application, uh, so it's not only for Apache, right. So you just have your certificate files and then you can start using them, uh, the way you want to.

So that's about it for me, guys. Thank you so much for watching, and if you enjoyed the video hit the like button, and if you want to see more of my videos please subscribe, and I will see you in the next one. Bye.
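The two preconditions named in the captions (the names resolve to this server, nothing is listening on port 80) can be checked before the request is made. The script below is an added example and is not part of the video; the function names, the sample `ss` listing and the `preflight` arguments are assumptions made for illustration, and it relies on `ss` and `getent` being available on the host.

```shell
#!/bin/sh
# Added example: pre-flight checks before `certbot certonly --standalone`.
# Function names and sample data are illustrative, not taken from the video.

# Succeeds if the `ss -ltn` listing on stdin shows a listener on TCP port 80.
port80_in_use() {
    awk '{ n = split($4, a, ":"); if (a[n] == "80") hit = 1 }
         END { exit (hit ? 0 : 1) }'
}

# Succeeds if address $1 is among the remaining arguments.
addr_in() {
    want=$1; shift
    for a in "$@"; do [ "$a" = "$want" ] && return 0; done
    return 1
}

# Prints the certbot invocation described in the captions for the given names.
certbot_cmd() {
    cmd="certbot certonly --standalone --preferred-challenges http"
    for d in "$@"; do cmd="$cmd -d $d"; done
    printf '%s\n' "$cmd"
}

# preflight SERVER_IP NAME...  runs the live checks, then prints the command.
preflight() {
    ip=$1; shift
    if ss -ltn | port80_in_use; then
        echo "port 80 is in use; stop that service first" >&2; return 1
    fi
    for name in "$@"; do
        # Word splitting of the resolved address list is intentional here.
        if ! addr_in "$ip" $(getent ahostsv4 "$name" | awk '{print $1}' | sort -u); then
            echo "$name does not resolve to $ip" >&2; return 1
        fi
    done
    certbot_cmd "$@"
}

# Constructed sample of `ss -ltn` output with a web server bound to port 80.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh <server-ip> <name> <www-name>`; it prints the certbot command only when both checks pass.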
Info
Channel: Herbertech
Views: 7,962
Keywords: the it guy, herbertech
Id: 7haN-Aghlso
Length: 8min 30sec (510 seconds)
Published: Fri Feb 17 2023