##### ensure you have the correct DNS Records Open your master zone file $sudo vi /var/cache/bind/master/YYY.afnog.nog-oc.org Add a line like the one below and increase the serial @ IN A 196.200.219.XXX Save and exit and reload Bind $sudo rndc reload ##### INSTALL lets encrypt $sudo apt-get install git $sudo git clone https://github.com/letsencrypt/letsencrypt /home/afnog/letsencrypt $cd /home/afnog/letsencrypt #### INSTALL THE CERTIFICATE USING LETSENCRYPT ##### $./letsencrypt-auto --apache -d YYY.afnog.nog-oc.org -d pcXX.sse.ws.afnog.org ###### You will see Requesting root privileges to run certbot... /home/afnog/.local/share/letsencrypt/bin/letsencrypt --apache -d pc35.sse.ws.afnog.org Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): afnog@YYY.afnog.guru Enter your YYY.afnog.nog-oc.org email address ####### YOU WILL SEE Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A Agree ######## YOU WILL SEE Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: N Answer N ######## YOU WILL SEE Please choose whether HTTPS access is required or optional. ------------------------------------------------------------------------------- 1: Easy - Allow both HTTP and HTTPS access to these sites 2: Secure - Make all requests redirect to secure HTTPS access ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Enter 2 ######## YOU WILL SEE IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/pc35.sse.ws.afnog.org/fullchain.pem. Your cert will expire on 2017-08-23. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le ######## DONE - browse you YYY.afnog.nog-oc.or domain or your pcXX.sse.ws.afnog.org and see if it worked