# Migrating a Self-Signed SSL Certificate to a Let's Encrypt Certificate

### Download Let's Encrypt Client

```bash
sudo -s
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
```

### Update Apache Configuration

The Let's Encrypt client does not detect multiple virtual hosts in a single file, so if you have several virtual hosts in one file, you need to separate them and keep only the SSL configuration in each. Then redirect all plain-text traffic to SSL using a single virtual host.

Create a new virtual host in `/etc/httpd/conf.d/redirect_ssl.conf` to redirect plain-text traffic to SSL, replacing every `<domain>` with your domain, such as `example.com`:

```apache
<VirtualHost *:80>
    ServerName <domain>
    ServerAlias *.<domain>
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>
```

### Setup SSL Certificates

```bash
cd /opt/letsencrypt
./letsencrypt-auto --apache -d <domain> -d www.<domain> -d <subdomain>.<domain>
```

Replace `<domain>` with your domain; further subdomains can be specified with additional `-d` options.

### Restart Apache and Test

```bash
systemctl restart httpd
```

### (Optional) Renewing SSL Certificates

Let's Encrypt issues certificates that are valid for **90 days**. You can, however, renew earlier in case errors occur.

To renew the certificates, simply use the following command:

```bash
/opt/letsencrypt/letsencrypt-auto renew
```

If you have just created a new certificate, Let's Encrypt will not issue you a new one; it only issues a new certificate for your domains if the validity period is **less than 30 days**. You can therefore create a cronjob that tries to renew the certificate every day, week or month, in case anything goes wrong with your certificate.

To set up a cronjob that renews the certificate automatically, run `crontab -e` to create a new cronjob and add the following line:

```bash
# Every Monday at 03:00: try to renew, appending stdout and stderr to the log
0 3 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log 2>&1
```

The cronjob above runs **every Monday** at **3 A.M.** and appends any output from `/opt/letsencrypt/letsencrypt-auto` to `/var/log/le-renew.log`. Please refer to the references for more information on Linux cronjobs.
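As an added example (not part of the original page or of the Let's Encrypt client), the script below classifies a certificate against the 30-day renewal window described above, so a monitoring job can tell whether the scheduled renewal is keeping up. The function names and the certificate path passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Reports whether a certificate is
# inside the 30-day window in which `renew` will replace it.
# Assumption: notAfter is in OpenSSL's default form "Mar 31 00:00:00 2024 GMT".

RENEW_WINDOW_DAYS=30

# Print the notAfter value of a PEM certificate file.
cert_not_after() {
    openssl x509 -enddate -noout -in "$1" | cut -d= -f2
}

# Convert a notAfter string to epoch seconds (UTC) using shell arithmetic only.
not_after_epoch() (
    set -- $1                              # split: Mon DD HH:MM:SS YYYY GMT
    [ $# -ge 4 ] || return 1
    mon=$1 day=${2#0} year=$4
    IFS=:; set -- $3                       # split HH:MM:SS
    h=${1#0} m=${2#0} s=${3#0}             # drop a leading zero (avoids octal)
    case $mon in
        Jan) mi=1 ;; Feb) mi=2 ;; Mar) mi=3 ;; Apr) mi=4 ;;
        May) mi=5 ;; Jun) mi=6 ;; Jul) mi=7 ;; Aug) mi=8 ;;
        Sep) mi=9 ;; Oct) mi=10 ;; Nov) mi=11 ;; Dec) mi=12 ;;
        *) return 1 ;;
    esac
    # Days since 1970-01-01 (civil-date algorithm, years counted from March).
    y=$(( mi <= 2 ? year - 1 : year ))
    era=$(( y / 400 )); yoe=$(( y - era * 400 ))
    doy=$(( (153 * (mi > 2 ? mi - 3 : mi + 9) + 2) / 5 + day - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + h * 3600 + m * 60 + s ))
)

# Echo ok | due | expired for notAfter string $1 at time $2 (epoch, default now).
renewal_state() (
    end=$(not_after_epoch "$1") || { echo unparsable; return 2; }
    now=${2:-$(date +%s)}
    left=$(( (end - now) / 86400 ))        # whole days remaining
    if   [ "$end" -le "$now" ];                then echo expired
    elif [ "$left" -lt "$RENEW_WINDOW_DAYS" ]; then echo due
    else echo ok
    fi
)

# Stand-alone use: pass the certificate path as the first argument.
if [ -n "${1:-}" ]; then
    renewal_state "$(cert_not_after "$1")"
fi
```

A certificate that reports `due` should be replaced by the next scheduled renewal; one that stays `due` across several runs, or reports `expired`, means the renewal is failing and `/var/log/le-renew.log` is the place to look.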

### References

1. [Digital Ocean Article](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7)
2. [Let's Encrypt Article](https://letsencrypt.org/getting-started/)
3. [Cronjob Format](http://www.nncron.ru/help/EN/working/cron-format.htm)