From this web site follow the instructions to update your server web environment:
$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot python2-certbot-apache
then run this for the website sample.lu
certbot certonly --apache -d pennellificioeurope.it -d www.pennellificioeurope.it
or
certbot run -a webroot -i apache -w /path_to_web -d solci.eu -d www.solci.eu
this the result
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): postmaster@saic.it
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel: A
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sample.lu
http-01 challenge for www.sample.lu
Using the webroot path /var/www/sample.lu/web for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Resetting dropped connection: acme-v02.api.letsencrypt.org
Deploying Certificate to VirtualHost /etc/httpd/conf/sites-enabled/100-sample.lu.vhost
Deploying Certificate to VirtualHost /etc/httpd/conf/sites-enabled/100-sample.lu.vhost
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/httpd/conf/sites-enabled/100-sample.lu.vhost to ssl vhost in /etc/httpd/conf/sites-enabled/100-sample.lu.vhost
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://sample.lu and
https://www.sample.lu
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=sample.lu
https://www.ssllabs.com/ssltest/analyze.html?d=www.sample.lu
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sample.lu/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sample.lu/privkey.pem
Your cert will expire on 2019-06-11. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run
sudo certbot renew –dry-run
for test
sudo certbot renew
for prod
or
/opt/certbot/certbot-auto renew -i apache -a webroot
single domain CORRECT to USE
certbot --apache certonly -n -d
domain.com
remember to deactivate cloudfare dns proxy CDN and to deactivate any apache tomcat redirection before to run the renew.
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
To renew seafile.saic.it do :
mv /etc/httpd/conf.d/seafile.conf /etc/httpd/conf.d/seafile.conf.tmp
service httpd restart
/opt/certbot/certbot-auto renew -i apache -a webroot
service httpd restart
mv /etc/httpd/conf.d/seafile.conf.tmp /etc/httpd/conf.d/seafile.conf
To update an existing domain with adding a new subdomain
--expand
tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains. With the --expand
option, use the -d
option to specify all existing domains and one or more new domains.
Example:
certbot --expand -d existing.com,example.com,newdomain.com
If you prefer, you can specify the domains individually like this:
certbot --expand -d existing.com -d example.com -d newdomain.com
TO DELETE THE CERTIFICATE:
1. Verifica l’elenco dei certificati gestiti da Certbot
Esegui il comando seguente per visualizzare tutti i certificati attualmente gestiti da Certbot:
Troverai una lista dei certificati attivi, con informazioni come il dominio principale, eventuali domini aggiuntivi, e il percorso del file di configurazione.
2. Identifica il certificato da rimuovere
Annota il nome del dominio o il cert name associato al certificato che desideri rimuovere.
3. Elimina il certificato
Per rimuovere il certificato e la sua configurazione dai rinnovi automatici, usa il comando:
Sostituisci nome-certificato
con il valore del Cert Name
trovato nel passo precedente.
from here
certbot docs