I was looking about Let's Encrypt SSL Certificates, as well as Apache configuration.
I found information about it, on the Official Site of Let's Encrypt .
I carried out the different steps that I found on various sites, the creation of the verification elements and I even carried out the generation of the certificate files, but then the doubt arose:
How do I configure a Let's Encrypt SSL Certificate in Apache?
I share my solution, for the configuration of the certificates.
First thing's first.
To carry out the generation of the certificates, the first thing we will need is a machine with GNU/Linux , the distribution does not matter, the only thing that is needed is that it has a penguin inside it :)
In my case, I will use a virtual machine, why? Well, according to several internet sites, the certificate generator used by Let's Encrypt installs too many dependencies on our computer, so for security reasons , I don't think it's convenient to use it on a production computer .
The machine to use will be:
Let us begin
On our machine, we are going to start by cloning the Let's Encrypt repository , we do this as follows:
After executing this command, we enter the directory:
Let's continue...
We already have 50% of the process done, what we have cloned corresponds to the script that is responsible for generating and verifying the certificates.
So...
Being in the Let's Encrypt directory , we are going to proceed with the generation of the certificate, it should be noted that a single SSL Certificate can be used for a domain as well as for all its subdomains.
How do we generate the certificate?
If we want it for a single domain , it would only be enough to execute the following instruction:
But, if we need for several subdomains , just add the parameter
-das many times as necessary:Note: It goes without saying that we replace "domain.com" with our domain and subdomains.
At this time, if it is the first time that we generate a certificate, it is normal for dependencies to be installed that will be used by Let's Encrypt
domain verification
Next we proceed with the verification of our domain (and subdomains if this is the case), for which we will have to forget about contacting someone to check the inbox, since Let's Encrypt is based on a protocol, invented by them, known as the ACME Protocol.
An example of the ACME protocol, we could see below:
In a nutshell:
This is how ownership of a domain is verified.
Therefore...
Before carrying out the verification of the domain, some verifications will be carried out on our part, there are 4 questions to which we could answer affirmatively, without having to read them:
In the first question, we are asked for our email address.
Do you accept the terms and conditions?
Do you want to share your email address with the Electronic Frontier Foundation?
And finally, do you accept the fact that your IP will be registered, as the requester of the certificate?
At the end...
We see a couple of lines, to understand them better, we must remember the example of the X and Y, previously indicated:
In other words, in our case, Let's Encrypt , will look for the text ujnNRM2mmW3B... in that directory.
To do this, all we need is to create this route on our web server.
Example (Apache):
And inside said file "ujnNRM2mmW3Bz..." , enter the text of the Red line.
At the end, we hit Enter , on our Let's Encrypt machine.
Our certificates will be found in the directory:
Configuration in Apache
The first thing we must do is transfer our files to our server, where they will be installed, in my case I have copied them to the directory:
There we will find the following files:
In the case of Apache, it is not used
fullchain.pem.It only remains to go to the configuration of our site, in this case, we must go to the directory:
And there write the configuration, for SSL:
We save, and restart Apache.
voila