Let's Encrypt provides free SSL certificates. The validity period is 90 days. You can generate a Let's Encrypt certificate manually. This feature is also available in the BitrixVM panel, starting from version 7.2.0.
Getting and Installing Let's Encrypt Through the Bitrix Menu
1. Go to section 8. Manage pool web servers - 3. Configure certificates - 1. Configure Let's encrypt certificate.
2. Enter:
- one or several sites for which a certificate is ordered. Sites are separated by commas. For example: site1.com, site2.com, site3.com
- domain names of sites, separated by commas.
- e-mail for receiving messages from Let's Encrypt. Be sure to include a valid email address.
3. Press Y to confirm. The certificate will be issued and installed automatically.
4. After the expiration date, the certificate is automatically reissued. If the certificate was not reissued automatically, get the certificate again using this instruction.
You can manually install the certificate and configure it to be automatically reissued through the Crontab task.
Obtaining a certificate manually
1. Install Git:
yum install git
2. Create a letsencrypt directory and change to it:
mkdir /opt/letsencrypt && cd "$_"
3. Copy the certbot repository to get the certificate:
git clone https://github.com/certbot/certbot
4. Change to the directory with certbot:
cd certbot
5. To obtain a certificate and configure dependencies for certbot, run the command:
./certbot-auto certonly --webroot --agree-tos --email admin@email.com -w /path/to/dir/site/ -d my-domain.com -d www.my-domain.com
When prompted with "Is this ok [y/d/N]:", press Y on the keyboard.
- admin@email.com - domain administrator's email address. Be sure to specify a valid e-mail.
- /path/to/dir/site/ - full path to the directory with the site files for which the certificate is installed.
- my-domain.com and www.my-domain.com are the domains for which the certificate is generated and installed. To specify multiple domains, put -d before each one.
If the procedure is successful, the following text is displayed. It shows the paths to the certificate fullchain.pem and the private key privkey.pem. The certificate and key files are unencrypted and can be used for installation.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/my-domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/my-domain.com/privkey.pem
Your cert will expire on 2020-09-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
Then install the resulting certificate according to instructions.
Renewal of the certificate
To automatically renew the certificate, add a task to the crontab scheduler.
1. Check if the certificate can be renewed after installation:
/opt/letsencrypt/certbot/certbot-auto renew --dry-run
2. Open the crontab scheduler:
crontab -e
3. Add a task to renew the certificate:
30 6 * * * /opt/letsencrypt/certbot/certbot-auto renew --post-hook "systemctl reload nginx"
With this entry, the check for whether renewal is needed runs every day at 6:30.
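The cron task can fail silently, and privkey.pem is stored unencrypted, so it is worth checking the result of renewal. The script below is an added example, not part of BitrixVM or certbot: the function name check_cert and the MIN_DAYS threshold of 20 days are assumptions. It checks that the certificate is not close to expiry, that the key is readable only by its owner, and that the key matches the certificate.

```shell
#!/bin/sh
# Added example: verify the result of "certbot-auto renew".
# MIN_DAYS is an assumed alert threshold; certbot normally renews when
# fewer than 30 days remain, so less than 20 means renewal is failing.
MIN_DAYS=${MIN_DAYS:-20}

# check_cert CERT KEY
# returns 0 = ok, 1 = expires soon, 2 = key readable by group/others,
#         3 = key does not match certificate, 4 = file missing
check_cert() {
    cert=$1
    key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 4
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((MIN_DAYS * 86400))" >/dev/null; then
        echo "$cert expires in under $MIN_DAYS days" >&2
        return 1
    fi
    # privkey.pem is unencrypted: group/other permission bits must be empty.
    # -L follows the symlink that certbot keeps in live/.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group or others" >&2
        return 2
    fi
    # The public key in the certificate must equal the one derived from the key.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != "$(openssl pkey -in "$key" -pubout)" ]; then
        echo "$key does not match $cert" >&2
        return 3
    fi
    return 0
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/my-domain.com/fullchain.pem \
#                         /etc/letsencrypt/live/my-domain.com/privkey.pem
if [ "$#" -eq 2 ]; then
    check_cert "$1" "$2"
fi
```

A non-zero exit code can be used to send a notification from a second crontab task that runs after the renewal task.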
If you have any questions, please create a ticket to technical support.