Let’s Encrypt
Click here to download a handy shortcut file for the following Let’s Encrypt process
If not using Let’s Encrypt, this section may be skipped.
Installing Let’s Encrypt via Snap
New Let’s Encrypt Dependency – snap
Ubuntu
Ubuntu distributions should include snapd. This is used to install certbot.
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
CentOS
If you are running Red5 Pro on CentOS, you will need to install EPEL and snapd as follows:
- For CentOS 7 –
sudo yum install epel-release
- For CentOS 8 –
sudo dnf install epel-release
then
sudo dnf upgrade
And then install and enable snapd:
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
You will then need to restart or log out and back into your system to ensure the paths are updated.
Then use snap to install certbot:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
If Red5 Pro is running at this point, shut it down.
Get The Certificate
To obtain a CA signed certificate from Let’s Encrypt, substitute yourname@example.com with your email address and ssl.example.com with the fully qualified domain name for your Red5 Pro server in the command below (multiple hostnames may be supplied with additional “-d” options):
sudo certbot certonly --standalone --email yourname@example.com --agree-tos -d ssl.example.com
Note: Let’s Encrypt uses ports 80 and 443 to validate that the registered domain name is associated with the IP address of the server from which you are running this command, so make sure that inbound access for those ports is enabled when you make this call.
If the process completes successfully, you will see a message similar to this:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ssl.example.com/fullchain.pem. Your cert will
expire on 2018-03-20. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Please note that these particular certificates expire after 90 days and must be renewed.
To renew, run the certbot certonly... command. You will also need to create a new Keystore and Truststore after you renew the certificate.
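Because the certificate expires after 90 days, it helps to check the remaining lifetime before it lapses. The following is an added example, not part of the original page: it reads the notAfter date from the certificate with openssl and reports whether it falls inside a renewal window. The 30-day threshold, the function names and the script name certcheck.sh are assumptions of this example, and it relies on GNU date as shipped with Ubuntu and CentOS.

```shell
#!/bin/sh
# Added example: report how close a certbot-issued certificate is to expiry.
# Assumes the openssl CLI and GNU date (Ubuntu/CentOS).

RENEW_BEFORE_DAYS=30   # assumption: act once 30 or fewer days remain

# days_left NOT_AFTER NOW_EPOCH
# NOT_AFTER is the text openssl prints after "notAfter=", for example
# "Mar 20 12:00:00 2018 GMT". Prints whole days remaining (negative once
# expired). Returns 2 if the date is empty or cannot be parsed.
days_left() {
    [ -n "$1" ] || return 2          # GNU date treats "" as today, so reject it
    end_epoch=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    secs=$(( end_epoch - $2 ))
    if [ "$secs" -lt 0 ]; then
        echo $(( (secs - 86399) / 86400 ))   # floor, so 1 second late is -1
    else
        echo $(( secs / 86400 ))
    fi
}

# renewal_state DAYS: prints expired, renew or ok.
renewal_state() {
    if [ "$1" -lt 0 ]; then
        echo expired
    elif [ "$1" -le "$RENEW_BEFORE_DAYS" ]; then
        echo renew
    else
        echo ok
    fi
}

# check_cert PEM_FILE: exit status 0 only when no action is needed.
check_cert() {
    not_after=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null | cut -d= -f2)
    days=$(days_left "$not_after" "$(date -u +%s)") || {
        echo "$1: cannot read notAfter" >&2
        return 2
    }
    state=$(renewal_state "$days")
    echo "$1: $state ($days days left, notAfter=$not_after)"
    [ "$state" = ok ]
}

# Usage: sh certcheck.sh /etc/letsencrypt/live/ssl.example.com/fullchain.pem
if [ -n "${1:-}" ]; then
    check_cert "$1"
fi
```

A result of renew or expired is the cue to re-run the certbot command and then rebuild the Keystore and Truststore.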
If the hostname is improperly configured in DNS or some other issue occurs, you may see this message:
Failed authorization procedure. ssl.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Server failure at resolver
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to yourname@example.com.
- The following 'urn:acme:error:connection' errors were reported by
the server:
Domains: ssl.example.com
Error: The server could not connect to the client to verify the
domain
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.