CentOS 7 Install Let’s Encrypt SSL on Apache Server
In this tutorial, we are going to setup free SSL (Let’s Encrypt) on CentOS 7 server running Apache as a web server.
- Root access to the server as
- Properly configured domain and vhost.
If you have these prerequisites, then let’s start.
Table of Contents
- Install Dependencies
- Install Certbot – Let’s Encrypt Client
- Generate SSL Certificate
- Setup Auto-renewal
- Check Certificate Status
- Delete Certbot Certificate
Step 1 : Install Dependencies
To install Certbot, we need to install the EPEL repository and
mod_ssl. Run this command to install both:
sudo yum install -y epel-release mod_ssl
Step 2 : Install Certbot – Let’s Encrypt Client
From EPEL repository, let’s install the Certbot client:
sudo yum install -y python-certbot-apache
Step 3 : Generate SSL Certificate
We have the necessary modules to generate Let’s Encrypt SSL. To generate certificate for a single domain, run this command:
sudo certbot --apache -d example.com
To generate SSL for multiple domains or subdomains, run this command:
sudo certbot --apache -d example.com -d www.example.com
Here, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
sudo certbot --apache
Choose one option and run that command what you needed. After successful installation, you will see a message similar to this message:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2019-10-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Step 4 : Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
sudo certbot renew
We can also setup a cronjob to renew automatically. Open the cronjob:
Then add this line:
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
Step 5 : Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
Step 6 : Delete Certbot Certificate
To delete the certificate we have to run this command:
The article is over. Thanks for reading. ?
# to select domain name sudo certbot delete # directly assign domain name sudo certbot delete --cert-name example.com
Preview may take a few seconds to load.
Below you will find some common used markdown syntax. For a deeper dive in Markdown check out this Cheat Sheet
Bold & Italic
Bold **double asterisks**
Three back ticks and then enter your code blocks here.
# This is a Heading 1
## This is a Heading 2
### This is a Heading 3
> type a greater than sign and start typing your quote.
You can add links by adding text inside of  and the link inside of (), like so:
To add a numbered list you can simply start with a number and a ., like so:
1. The first item in my list
For an unordered list, you can add a dash -, like so:
- The start of my list
You can add images by selecting the image icon, which will upload and add an image to the editor, or you can manually add the image by adding an exclamation !, followed by the alt text inside of , and the image URL inside of (), like so:
To add a divider you can add three dashes or three asterisks:
--- or ***