# Get Certificates for Webserver

##### Use letsencrypt

https ssl install

Instruction from [https://certbot.eff.org/lets-encrypt/centosrhel7-apache](https://certbot.eff.org/lets-encrypt/centosrhel7-apache)

Once installed, **add** certificate with: `sudo certbot --apache`

**Renew** certificates: `sudo certbot renew`

**crontab** (auto renew) `sudo crontab -e`

```shell
# Minute   Hour   Day of Month       Month          Day of Week        Command
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
1       7       *       *       1       /usr/bin/certbot renew --quiet
```

### Ubuntu

##### DNS

```
A Record: @ 12.13.14.15
CNAME Record: www domain.com 
```

##### vhost

Rewrite Engine added by certbot

```
<VirtualHost>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

##### certbot

Eén domein heeft meerdere sub-domeinen: meldt ze in één keer aan.

Komt er één bij dan de complete regel opnieuw invoeren.

```
sudo certbot --apache -d domain.com -d www.domain.com
```

##### certbot - other

```
// delete
sudo certbot delete

//list
sudo certbot certificates
```

\--