Editing Installing SSL Certificate for Website on Linux & Windows

Installing SSL Certificate for Website on Linux & Windows
--------------------------------------------------------



For Linux
---------




Connect to server

Go to below path

•	cd /etc/nginx/sites-enabled

Run below command there

•	certbot certonly - - nginx

It will show you all websites hosted on that server and ask to enter numbers according to the server for which certificate need to install

Note - if you want to list domains to be renewed/added and there are some which you want to leave out, use a space separated list of the site numbers

If you keep that blank and hit enter, then it will renew the existing certificate and create new one for those website, which don’t have it

If you want to install for specific website only, then type according number and hit enter, after you hit enter it will ask you to expand, so just type e and press enter

Then it will give you two options, select there second option (renew and replace) and hit enter

It will generate certificate, we can see the generated certificate at below path

•	cd /etc/letsencrypt/live




For Windows
-----------




Login to server using RDP

Open command prompt as administrator

Go to below path

•	cd c:/certbot

Run below command

•	certbot certonly

It will give you two options, select first option (Spin up temporary)

Note – Stop the IIS service first

Enter domain names and hit enter

To convert crt and key to .pfx and generate certificate go to below path 

•	C:/programfiles/Git/usr/bin

Run below command to generate certificate with appropriate information (fullchain and key file locations and names)

openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt

For ex. -  openssl pkcs12 -export -out "C:\certbot\archive\support.apoyar.net\support.apoyar.net.pfx" -inkey "C:\certbot\archive\support.apoyar.net\privkey1.pem" -in "C:\Certbot\archive\support.apoyar.net\fullchain1.pem"

Note – while executing the above command for generating certificate we have to use quotation for file locations (“”)

Also, we can rename the fullchain.pem file to fullchain.crt, and if we double click it, we can see certificate details


Note- Start IIS service first

Go to IIS (Internet Information Services)

- click on NEPTUNE

- server certificates 

– import

New window will open, browse the certificate path and select certificate

•	Enter password – ap0yar

•	Check the box ( Allow certificate )

Go to default web – Bindings – https – edit

And select the according to the certificate (support.apoyar.net)

Click Ok

Then click YES for all popups

Note – Sometimes error might come, so no need to worry... just click OK and continue

Note – Default web is used to store settings/certificates


Then go to Go to below path to add binding with command

•	C:\Windows\System32\Inetsrv\

Run below command with editing appropriate information

appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']
For Ex. - appcmd set site /site.name:"devsupport" /+bindings.[protocol='https',bindingInformation='*:443:devsupportpod.apoyar.eu']


Then we can check for certificates in IIS and we can verify browsing websites also.