Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

 

Install certbot-auto

First you need to download the certbot-auto script.

 

On CentOS 6, download it from https://dl.eff.org/certbot-auto

Save the file in /srv, /root, or your home folder.

 

Now create the certificate by running this command:

 

Add your email address and click OK.

Then click Agree to accept the terms of service.

Copy and save the output.

 

Generate Strong Diffie-Hellman Group

To further increase security, you should also generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:

 

This may take a few minutes but when it’s done you will have a strong DH group at /etc/ssl/certs/dhparam.pem.

 

Configure TLS/SSL on Web Server

 

Set Up Auto Renewal

Create a cronjob to renew the certificate automatically. The following command opens the crontab with nano.

 

Paste the following configuration to run the cron job every week. It runs certbot-auto renew and saves the output in a log file. Five minutes later it reloads the nginx configuration so that the new certificate is used.

 

Reference Articles

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7

https://certbot.eff.org/all-instructions/#centos-rhel-6-nginx