$ sudo apt-get upgrade
install certbot-auto :$ sudo wget https://dl.eff.org/certbot-auto
change the permissions :$ sudo chmod a+x ./certbot-auto
bootstraping …$ sudo ./certbot-auto
Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. create a new keystoresudo /usr/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /home/ubuntu/keystore.p12 -keysize 2048
you will be promoted by :
What is your first and last name?
[Unknown]: www.nokhuk.com
What is the name of your organizational unit?
[Unknown]: orgunit
What is the name of your organization?
[Unknown]: orgname
What is the name of your City or Locality?
[Unknown]: bangkok
What is the name of your State or Province?
[Unknown]: bangkok
What is the two-letter country code for this unit?
[Unknown]: TH
Is CN=www.nokhuk.com, OU=org, O=orgname, L=bangkok, ST=bangkok, C=TH correct?
$ sudo /usr/bin/keytool -certreq -alias tomcat -file request.csr -keystore /home/ubuntu/keystore.p12
Request for certificate$ sudo ./certbot-auto certonly --csr request.csr --no-bootstrap
choose :
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
enter an email :
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
admin@gmail.com
agree : ( like you have an option …)
------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
share …
(Y)es/(N)o: Y
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/home/ubuntu/0001_chain.pem
Your cert will expire on 2018-10-06. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
https://letsencrypt.org/donate
Donating to EFF:
https://eff.org/donate-le
$ sudo /usr/bin/keytool -import -trustcacerts -alias tomcat -file 0001_chain.pem -keystore /home/ubuntu/keystore.p12
enter the password .. Certificate reply was installed in keystore. Thats it. enjoy..