Does this work?

[alexrmacleod]

Web noobie here, got a website running on digital ocean with LAMP install apache2. SSH access. website: www.goeasysmile.com

So do I just follow the: "Steps to install" (which create the appropriate directories)
then: "le.sh that handles all the SSL certificate generation/renewing" (something like "le.sh domain www.goeasysmile.com,goeasysmile.com /var/www/html/ -l")

(i read somewhere that let's encrypt doesn't do multiple subdomains?)

and is that it? my site will have https now with auto renew activated?

Thanks any help appreciated, will wait for your response before moving forward.

Been looking at tutorials like this but they look so long and complicated https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

Just looking for basic https for my site to remove the "not secure" thing that pops up when people buy stuff with their credit cards.

[davidoster]

Hi Alex.
Yes, you just follow the steps to install and that is it in terms of creating the certificate.
Then you need to say to apache to use this certificate,
something similar to this taken from this page: https://www.digicert.com/ssl-certificate-installation-apache.htm

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</VirtualHost> 

You need to place a cron job after successful install by running : sudo crontab -e in order to have this running job checking periodically for renewing the certificate, e.g.
0 19 * * 1,3,5 root /root/scripts/rnss.sh > /dev/null 2>&1

where this rnss.sh has someting similar to this:

#!/bin/bash
# example: /root/scripts/le.sh domain www.domain.com,domain.com /path/to/webdomain/files/ -r
service apache reload

[alexrmacleod]

Ok amazing. Thanks @davidoster for the speedy response.

So this is what I am going to attempt.

1: "Steps to install" (which create the appropriate directories)
2: Do this https://www.digicert.com/ssl-certificate-installation-apache.htm (just do step 4 of this tutorial)
3: then create a rnss.sh file in /root/scripts/ with the following

#!/bin/bash
# example: /root/scripts/le.sh domain www.goeasysmile.com,goeasysmile.com /var/www/html/ -r
service nginx reload

(do i need the "example: ")

4: then run sudo crontab -e 0 19 * * 1,3,5 root /root/scripts/rnss.sh > /dev/null 2>&1 command (is this right)?

Do I do step 4 before step 3?

[davidoster]

1. Steps to Install from the readme

2. You go to your apache configuration files (you know where they are) and tell to apache that this (virtual) host uses an SSL certificate. Look on the internet for more

3. Simple approach,
   sudo crontab -e <--- this command opens a text editor for you to add the following line. Just go at the bottom of the file. Again look on the web for details...
   and place something similar to this in there:

0 19 * * 1,3,5 root /root/scripts/le.sh goeasysmile.com www.goeasysmile.com,goeasysmile.com /var/www/html/ -r > /dev/null 2>&1

Please understand that in here I can respond ONLY for issues concerning the letsencrypt-fast script, so for Step 1 only.
If you have questions for Steps 2,3 please do not post them here. These concern server configurations and are not related to this script.

We do provide commercial support if you need to.
Thank you.

[alexrmacleod]

@davidoster thanks again. sorry for asking wrong questions.

[alexrmacleod]

@davidoster so..

1: I did the steps to install: installed successfully
2: then when I cd to root/software to generate the certs and run ./le.sh domain www.goeasysmile.com,goeasysmile.com /var/www/html/ -l I get the following error:

alex@goeasysmile:/root/software$ sudo ./le.sh domain www.goeasysmile.com,goeasysmile.com /var/www/html/ -l
[sudo] password for alex: 
Usage(testing): le.sh domain www.domain.com,domain.com /path/to/webdomain/files/ -t
Usage(live): le.sh domain www.domain.com,domain.com /path/to/webdomain/files/ -l
Usage(renewal - 7 days before expiration automatically): le.sh domain www.domain.com,domain.com /path/to/webdomain/files/ -r

Generating live certificates...
./le.sh: line 50: le.pl: command not found

3: I assume once the certs are generated I can then go do the "go to your apache configuration files (you know where they are) and tell to apache that this (virtual) host uses an SSL certificate"

Questions:
Q1: why can't I generate the certs? perl is installed
Q2: will the certs be stored in /var/www/html/?

alex@goeasysmile:/$ sudo apt-get install perl Reading package lists... Done Building dependency tree Reading state information... Done perl is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 99 not upgraded.

[alexrmacleod]

@davidoster

Found the issue, you need to install Crypt::LE and perl on your server.

Example 1: for Linux. https://zerossl.com/installation.html#p2

[alexrmacleod]

@davidoster ok I know I shouldn't be asking this but I think I'm on the final step.

certs are generated!

alex@goeasysmile:/root/software/keys/domain.keys$ ls
account.key  domain.crt  domain.csr  domain.key

So I'm configuring apache below:

ServerName www.goeasysmile.com
SSLEngine on
SSLCertificateFile /root/software/keys/domain.keys/your_domain_name.crt (domain.crt)
SSLCertificateKeyFile /root/software/keys/domain.keys/your_private.key (which one account.key or domain.key)
SSLCertificateChainFile /root/software/keys/domain.keys/DigiCertCA.crt (only one cert file generated do I put domain.crt again?)

So is there no SSLCertificateChainFile? but the https will still work for most browsers? http://serverfault.com/questions/382633/difference-between-sslcertificatefile-and-sslcertificatechainfile/382638

[alexrmacleod]

seems to be working yay!

[davidoster]

@alexrmacleod at your previous comment
you say that Crypt::LE and perl need to be installed. Are you sure you run the install.sh because this script does exactly this (lines 1,2)

Well done!

[alexrmacleod]

@davidoster I had a feeling install.sh would take care of that but got this error ./le.sh: line 50: le.pl: command not found

First I tried to install perl, which was already installed.

Then I think I tried to install CPAN. not sure if it was installed or not.

Then after some intense googling I found and ran the below cmd for installing Crypt::LE on Linux:

sudo cpanm Test::More Crypt::LE

Then I did:

alex@goeasysmile:/root/software$ sudo ./le.sh domain www.goeasysmile.com /var/www/html/ -l

Then it generated the certs.

This is how I configured the certs on apache:

go to > cd /etc/apache2/sites-available then nano 000-default.conf updated like below

<VirtualHost *:80>
   ServerName www.goeasysmile.com
   Redirect permanent / https://www.goeasysmile.com/
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName www.goeasysmile.com
        SSLEngine on
        SSLCertificateFile /root/software/keys/domain.keys/domain.crt
        SSLCertificateKeyFile /root/software/keys/domain.keys/domain.key

        <Directory /var/www/html/>
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            AddHandler cgi-script .pl
            Order allow,deny
            Allow from all
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Now I just need to do this crontab thing to update certs before they expire

I my situation I think I need to do the following:

sudo crontab -e or nano to create a txt file and call it le.sh and place it in /root/scripts ?

inside this le.sh file put the below?

0 19 * * 1,3,5 root /root/scripts/le.sh domain www.goeasysmile.com /var/www/html/ -r > /dev/null 2>&1

Does this look / sound right?

what cmd would I use to get this script to run before the certs expire?