Generate SSL certificate with Let's Encrypt
The goal of this article is to provide you with the steps needed to generate a trusted SSL certificate using Let's Encrypt.
ONLY FOR CENTOS
Backup private key and certificate
Before running the SSL certificate generation, back up the existing private key and certificate:
mv /etc/pki/tls/private/motion.key /etc/pki/tls/private/motion.key.bak
mv /etc/pki/tls/certs/motion.crt /etc/pki/tls/certs/motion.crt.bak
Install package dependencies
Connect to your server through SSH console and install the following packages:
yum install epel-release
yum install certbot
Obtaining a Certificate
TCP port 80 must be open to your server in order to obtain the certificate
Before obtaining the certificate, stop the nginx service and make sure that no service is running on TCP port 443:
systemctl stop nginx
Once you have installed the certbot package, run the following command in the SSH console and follow the instructions:
certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>
At the end of the process, your certificate, private key, and LE chain will be installed to the /etc/letsencrypt/archive/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
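# Use cp rather than mv: certbot's live/ symlinks and later renewals need the files in archive/ to stay in place
cp /etc/letsencrypt/archive/<YOUR_DOMAIN>/privkey1.pem /etc/pki/tls/private/motion.key
cp /etc/letsencrypt/archive/<YOUR_DOMAIN>/fullchain1.pem /etc/pki/tls/certs/motion.crt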
Restart services
Restart Asterisk and Nginx services in order to apply changes:
systemctl restart asterisk
systemctl start nginx
ONLY FOR DEBIAN
Backup private key and certificate
Before running the SSL certificate generation, back up the existing private key and certificate:
mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak
mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak
Install package dependencies
Connect to your server through SSH console and install the following packages:
apt -y install certbot
Obtaining a Certificate
TCP port 80 must be open to your server in order to obtain the certificate
Before obtaining the certificate, stop the nginx service and make sure that no service is running on TCP port 443:
systemctl stop nginx
Once you have installed the certbot package, run the following command in the SSH console and follow the instructions:
certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>
At the end of the process, your certificate, private key, and LE chain will be installed to the /etc/letsencrypt/live/<YOUR_DOMAIN> directory.
Install the certificate
Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):
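# live/ holds unnumbered symlinks (privkey.pem, fullchain.pem) that point to the current files in archive/
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem /etc/ssl/private/motion.key
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem /etc/ssl/certs/motion.crt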
Restart services
Restart Asterisk and Nginx services in order to apply changes:
systemctl restart asterisk
systemctl start nginx
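
Before the restart step in either section, the copied files can be checked so that Asterisk and Nginx are not restarted onto a mismatched or expired pair. The script below is an added example, not part of the original article: the function names are made up for illustration, and it assumes the openssl command and GNU stat are installed.

```bash
#!/bin/sh
# Added example: verify an installed key/certificate pair before restarting
# services. Function names are illustrative; paths are supplied by the caller.

# Public key (PEM) of the first certificate in a file; for a fullchain
# file that is the leaf certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_cert_pair KEY CERT
# Returns 0 when the pair is safe to deploy, 1 otherwise.
check_cert_pair() {
    ccp_key=$1
    ccp_crt=$2

    ccp_kpub=$(pubkey_of_key "$ccp_key") || { echo "cannot parse private key: $ccp_key" >&2; return 1; }
    ccp_cpub=$(pubkey_of_cert "$ccp_crt") || { echo "cannot parse certificate: $ccp_crt" >&2; return 1; }

    # An empty string must never count as a match.
    if [ -z "$ccp_kpub" ] || [ "$ccp_kpub" != "$ccp_cpub" ]; then
        echo "private key does not belong to certificate" >&2
        return 1
    fi

    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$ccp_crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 1
    fi

    # The key must not be accessible to "other" users (octal mode ends in 0).
    ccp_mode=$(stat -c '%a' "$ccp_key") || return 1
    case $ccp_mode in
        *0) ;;
        *) echo "private key mode $ccp_mode is world-accessible" >&2; return 1 ;;
    esac
    return 0
}

# Run the check when called with two arguments: key path, then certificate path.
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2" && echo "OK: key and certificate match"
fi
```

Saved under any name, it takes the key path followed by the certificate path, for example /etc/ssl/private/motion.key and /etc/ssl/certs/motion.crt on Debian, and exits non-zero if any check fails.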