Skip to content

2 CentOS 7 additional improvements

Jump to bottom Edit New page
bartmika edited this page Apr 25, 2019 · 1 revision

HOWTO: Setup Lets Encrypt for AcademicsToday (Python) Web-App on DigitalOcean using CentOS 7 OS

Description

This article assumes you've completed the previous articles. These instructions were modified from DigitalOcean.

Instruction

The following instructions are used to manually setup letsencrypt and automatically integrate with nginx.

  1. Install our Lets Encrypt client.
$ sudo yum install -y certbot-nginx
  1. Generate our certificate.
$ sudo certbot --nginx -d academicstoday.io -d www.academicstoday.io

  1. Follow the instructions and choose the most appropriate options.

  2. (Optional) Please make a copy of the /etc/letsencrypt file.

  3. Restart nginx.

$ sudo systemctl restart nginx

  1. Upgrade the security by following the instructions - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7. Please see the Step 5 — Updating Diffie-Hellman Parameters section.

  2. Restart the server.

    $ sudo systemctl restart nginx

  3. Would you like to know more?

HOW DO WE AUTO RENEW?

https://certbot.eff.org/lets-encrypt/centosrhel7-nginx.html

sudo crontab -e

Add this to the crontab and save it:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/bin/certbot renew && systemctl restart nginx

Nginx + SSL

If your SSL is not being populated at your address then follow these.

Is it secure?

Enter the following URL to your browser.

https://www.ssllabs.com/ssltest/analyze.html?d=academicstoday.io
Add a custom footer
Add a custom sidebar
Clone this wiki locally