Differences

This shows you the differences between two versions of the page.

--- en:user_advanced:gs3_https [2024/09/23 01:49] – created kjdon
+++ en:user_advanced:gs3_https [2024/09/23 02:39] (current) – [Linux: Getting SSL certificates using certbot] kjdon
@@ Line 12: / Line 12: @@
 Take note of the "What you need" section. Then, choose your webserver ('apache' or 'other' for Tomcat) and operating system, and it will give you instructions to install certbot, plus also instructions to run it to get certificates.
-Once you use certbot to obtain
 Once you have certbot installed, if you are using Apache, you can run
   * ''sudo certbot --apache'' - this will generate the certificates, plus also setup Apache configuration to use them.
-  * '' sudo certbot certonly'' - will generate the certificates, but do no configuration - you will need to do that yourself.
+  * ''sudo certbot certonly'' - will generate the certificates, but do no configuration - you will need to do that yourself.
 If you are adding https support to Tomcat, you can use the Greenstone ant targets to generate the certificates, plus then convert them and setup Tomcat configuration to use them.
   * ''ant setup-https-cert'' - this will obtain the certificates from LetsEncrypt, and put them into Tomcat's conf folder.
+  * ''ant renew-existing-https-cert'' - to run the renewal command and reinstall them into Tomcat.
+The SSL certificates are installed into /etc/letsencrypt/live/<tomcat.server>
+Once you use certbot to obtain certificates, it sets up a systemd timer to automatically renew them every 60 days. You shouldn't need to re-run certbot unless your settings have changed.
+Note, if your port 80 is not open by default, and you opened it just for generating the initial certificates, this renewal won't work. You'll need to open up port 80, and run
+  * ''sudo certbot renew''.