Install Let’s Encrypt SSL on CentOS 8 / RHEL 8 with Apache
In this tutorial, we are going to setup Let’s Encrypt SSL (free SSL) on CentOS 8 / RHEL 8 server running Apache webserver.
Table of Contents
- Install Certbot – Let’s Encrypt Client
- Generate SSL Certificate
- Setup Auto-renewal
- Check Certificate Status
- Delete Certbot Certificate
Step 1 : Install Certbot – Let’s Encrypt Client
At first, we need to install mod_ssl & epel-release:
sudo dnf install -y epel-release mod_sslIf you’re using firewall, then open HTTPS port. I’m showing for firewalld:
# open port
firewall-cmd --permanent --add-port=443/tcp
# reload
firewall-cmd --reloadNow let’s install Certbot:
sudo dnf install certbot python3-certbot-apache
Step 2 : Generate SSL Certificate
We have the necessary modules to generate Let’s Encrypt SSL. To generate certificate for a single domain, run this command:
certbot --apache -d example.comTo generate SSL for multiple domains or subdomains, run this command:
certbot --apache -d example.com -d www.example.comHere, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
certbot --apacheChoose one option and run that command what you needed. After successful installation, you will see a message similar to this message:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-10-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-leStep 3 : Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
certbot renewWe can also setup a cronjob to renew automatically. Open the cronjob:
crontab -eThen add this line:
0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1Step 4 : Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
https://www.ssllabs.com/ssltest/analyze.html?d=example.comStep 5 : Delete Certbot Certificate
To delete the certificate we have to run this command:
# to select domain name
certbot delete
# directly assign domain name
certbot delete --cert-name example.comShare on Social Media
Comment
Preview may take a few seconds to load.
Markdown Basics
Below you will find some common used markdown syntax. For a deeper dive in Markdown check out this Cheat Sheet
Bold & Italic
Italics *asterisks*
Bold **double asterisks**
Code
Inline Code
`backtick`Code Block```
Three back ticks and then enter your code blocks here.
```
Headers
# This is a Heading 1
## This is a Heading 2
### This is a Heading 3
Quotes
> type a greater than sign and start typing your quote.
Links
You can add links by adding text inside of [] and the link inside of (), like so:
Lists
To add a numbered list you can simply start with a number and a ., like so:
1. The first item in my list
For an unordered list, you can add a dash -, like so:
- The start of my list
Images
You can add images by selecting the image icon, which will upload and add an image to the editor, or you can manually add the image by adding an exclamation !, followed by the alt text inside of [], and the image URL inside of (), like so:
Dividers
To add a divider you can add three dashes or three asterisks:
--- or ***
Comments (0)