CentOS 7 Install Let’s Encrypt SSL on Apache Server
In this tutorial, we are going to setup free SSL (Let’s Encrypt) on CentOS 7 server running Apache as a web server.
Prerequisites
- Root access to the server as
sudo. - Properly configured domain and vhost.
If you have these prerequisites, then let’s start.
Table of Contents
- Install Dependencies
- Install Certbot – Let’s Encrypt Client
- Generate SSL Certificate
- Setup Auto-renewal
- Check Certificate Status
- Delete Certbot Certificate
Step 1 : Install Dependencies
To install Certbot, we need to install the EPEL repository and mod_ssl. Run this command to install both:
sudo yum install -y epel-release mod_sslStep 2 : Install Certbot – Let’s Encrypt Client
From EPEL repository, let’s install the Certbot client:
sudo yum install -y python-certbot-apacheStep 3 : Generate SSL Certificate
We have the necessary modules to generate Let’s Encrypt SSL. To generate certificate for a single domain, run this command:
sudo certbot --apache -d example.comTo generate SSL for multiple domains or subdomains, run this command:
sudo certbot --apache -d example.com -d www.example.comHere, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
sudo certbot --apacheChoose one option and run that command what you needed. After successful installation, you will see a message similar to this message:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-10-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-leStep 4 : Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
sudo certbot renewWe can also setup a cronjob to renew automatically. Open the cronjob:
crontab -eThen add this line:
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.logStep 5 : Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
https://www.ssllabs.com/ssltest/analyze.html?d=example.comStep 6 : Delete Certbot Certificate
To delete the certificate we have to run this command:
# to select domain name
sudo certbot delete
# directly assign domain name
sudo certbot delete --cert-name example.comShare on Social Media
Comment
Preview may take a few seconds to load.
Markdown Basics
Below you will find some common used markdown syntax. For a deeper dive in Markdown check out this Cheat Sheet
Bold & Italic
Italics *asterisks*
Bold **double asterisks**
Code
Inline Code
`backtick`Code Block```
Three back ticks and then enter your code blocks here.
```
Headers
# This is a Heading 1
## This is a Heading 2
### This is a Heading 3
Quotes
> type a greater than sign and start typing your quote.
Links
You can add links by adding text inside of [] and the link inside of (), like so:
Lists
To add a numbered list you can simply start with a number and a ., like so:
1. The first item in my list
For an unordered list, you can add a dash -, like so:
- The start of my list
Images
You can add images by selecting the image icon, which will upload and add an image to the editor, or you can manually add the image by adding an exclamation !, followed by the alt text inside of [], and the image URL inside of (), like so:
Dividers
To add a divider you can add three dashes or three asterisks:
--- or ***
Comments (0)