Generate SSL certificate with Let's Encrypt
- Former user (Deleted)
- Valerio Ciotta
- Diego Gosmar (Unlicensed)
The goal of this article is to provide you the steps needed to generate a trusted SSL certificate using Let's Encrypt.
ONLY FOR CENTOS
Backup private key and certificate
Before running the SSL certificate generation, backup the existing private key and the certificate:
mv /etc/pki/tls/private/motion.key /etc/pki/tls/private/motion.key.bak mv /etc/pki/tls/certs/motion.crt /etc/pki/tls/certs/motion.crt.bak
Install package dependencies
Connect to your server through SSH console and install the following packages:
yum install epel-release yum install certbot
Obtaining a Certificate
TCP port 80 must be open to your server in order to obtain the certificate
Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:
systemctl stop nginx
Once you installed the certbot package, you can run the command in SSH console and follow the instructions:
certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>
At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/archive/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
mv /etc/letsencrypt/archive/<YOUR_DOMAIN>/privkey1.pem /etc/pki/tls/private/motion.key mv /etc/letsencrypt/archive/<YOUR_DOMAIN>/fullchain1.pem /etc/pki/tls/certs/motion.crt
Restart services
Restart Asterisk and Nginx services in order to apply changes:
systemctl restart asterisk systemctl start nginx
ONLY FOR DEBIAN
Backup private key and certificate
Before running the SSL certificate generation, backup the existing private key and the certificate:
mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak
Install package dependencies
Connect to your server through SSH console and install the following packages:
apt -y install certbot
Obtaining a Certificate
TCP port 80 must be open to your server in order to obtain the certificate
Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:
systemctl stop nginx
Once you installed the certbot package, you can run the command in SSH console and follow the instructions:
certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>
At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey1.pem /etc/ssl/private/motion.key cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain1.pem /etc/ssl/certs/motion.crt
Restart services
Restart Asterisk and Nginx services in order to apply changes:
systemctl restart asterisk systemctl start nginx