yum install httpd
systemctl enable httpdvim /etc/httpd/conf.d/domain.com.confVirtualHost>
ServerAdmin admin@domain.com
DocumentRoot "/var/www/html"
DirectoryIndex index.html
ServerName domain.com
ErrorLog "/var/log/httpd/domain.com.error_log"
CustomLog "/var/log/httpd/domain.com.access_log" common
</VirtualHost>vim /var/www/html/index.html<html>
Test - Welcome to The Apache Web Server.
</html>Create cert:
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
sudo certbot certonly --standaloneTest the renewal process manually with the following command.
certbot renew --dry-runcrontab -eAdd the following line:
* */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1[Monthly] Upgrade certbot
It's important to occasionally update Certbot to keep it up-to-date. To do this, run the following command on the command line on the machine.
sudo /opt/certbot/bin/pip install --upgrade certbotMove to another server:
You can copy the entire dir /etc/letsencrypt/ and restore it on your new server.
Old server (as root):
tar zpcvf backup_etc-letsencrypt_2018-Nov-20.tar.gz /etc/letsencrypt/New server (as root):
tar zxvf backup_etc-letsencrypt_2018-Nov-20.tar.gz -C /And you have all the certificates, renewal confs, etc. on your new server.
Allow user bind privileged port
For some reason no one mention about lowering sysctl net.ipv4.ip_unprivileged_port_start to the value you need. Example: We need to bind our app to 443 port.
sysctl net.ipv4.ip_unprivileged_port_start=443iptables -I INPUT -p tcp --dport 444:1024 -j DROP
iptables -I INPUT -p udp --dport 444:1024 -j DROP#----------
https://dade2.net/kb/how-to-install-and-configure-certbot-on-apache-centos/
https://certbot.eff.org/lets-encrypt/pip-other
https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux
