Let's Encrypt for Private IP
Reference:
Pre-requisite
- Domain name with DNS service
- CentOS 8
Steps
1) Install Apache Web Server
```sh
sudo yum install -y epel-release
sudo yum install -y httpd mod_ssl
sudo yum install -y certbot python3-certbot-apache
```
2) Generate the certificate manually for a subdomain of your registered domain (in this example: private-cert.aiyoa.io):
```sh
sudo certbot --manual --preferred-challenges dns certonly -d private-cert.aiyoa.io
```
3) You will be prompted to enter an email address and accept the agreement.
4) Follow the instructions to add the TXT record to your DNS zone, then press Enter. When the challenge succeeds, output like the sample below is shown:
```
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/private-cert.aiyoa.io/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/private-cert.aiyoa.io/privkey.pem
Your cert will expire on 2021-01-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
```
5) Add or replace the lines below in the httpd configuration files, then restart httpd with `sudo systemctl restart httpd`:
```
SSLCertificateFile /etc/letsencrypt/live/private-cert.aiyoa.io/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/private-cert.aiyoa.io/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/private-cert.aiyoa.io/chain.pem
```
6) On the client, add a mapping from the hostname to the server's private IP in /etc/hosts (or C:\Windows\System32\drivers\etc\hosts on Windows):
```
192.168.0.127 private-cert.aiyoa.io
```
7) Access https://private-cert.aiyoa.io/ to verify that the certificate is installed.
8) Optionally, add certbot to crontab to auto-renew the certificate:
```
# every Monday at 2:30am
30 2 * * 1 /usr/bin/certbot renew --deploy-hook "systemctl restart httpd" >> /var/log/letsencrypt/le-renew.log
```
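
A check worth running before relying on the cron entry in step 8: the certificate in step 2 was issued with `--manual`, and `certbot renew` started from cron cannot prompt anyone to add the TXT record, so it fails unless a `--manual-auth-hook` script is configured. The script below is an added example, not part of the original guide; it assumes certbot's renewal config keys `authenticator` and `manual_auth_hook`, and the sample config and the hook path are constructed.

```shell
#!/bin/sh
# Constructed sample of /etc/letsencrypt/renewal/<name>.conf after step 2;
# pass a hook path as $1 to emit a manual_auth_hook line as well.
sample_conf() {
    printf '%s\n' \
        'cert = /etc/letsencrypt/live/private-cert.aiyoa.io/cert.pem' \
        '# Options used in the renewal process' '[renewalparams]' \
        'authenticator = manual' 'pref_challs = dns-01,'
    [ -z "${1:-}" ] || printf 'manual_auth_hook = %s\n' "$1"
}

# Print the value of KEY from the [renewalparams] section of FILE.
renewal_param() {  # usage: renewal_param FILE KEY
    awk -F'=' -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Print a verdict; return 0 only when cron-driven renewal can work.
renewal_verdict() {  # usage: renewal_verdict FILE
    [ -r "$1" ] || { echo "missing"; return 2; }
    auth=$(renewal_param "$1" authenticator)
    hook=$(renewal_param "$1" manual_auth_hook)
    case "$hook" in None) hook="" ;; esac   # treat a literal None as unset
    if [ "$auth" = "manual" ] && [ -z "$hook" ]; then
        echo "manual-no-hook"   # nobody can answer the DNS prompt from cron
        return 1
    fi
    echo "unattended-ok"
    return 0
}

# Demo on the constructed sample, first without and then with a hook.
tmp=$(mktemp)
sample_conf > "$tmp"
renewal_verdict "$tmp" || true
sample_conf /usr/local/bin/dns-auth.sh > "$tmp"   # hypothetical hook path
renewal_verdict "$tmp"
rm -f "$tmp"
```

On the server, point `renewal_verdict` at `/etc/letsencrypt/renewal/private-cert.aiyoa.io.conf`; a `manual-no-hook` verdict means the cron job will log failures until a DNS hook is configured or the certificate is re-issued by hand before expiry.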