Install Let’s Encrypt SSL on CentOS 8 / RHEL 8 with Apache

  • Jan 03, 2020
  • Article · 3 min
  • 623 words

In this tutorial, we are going to setup Let’s Encrypt SSL (free SSL) on CentOS 8 / RHEL 8 server running Apache webserver.

Table of Contents

  1. Install Certbot – Let’s Encrypt Client
  2. Generate SSL Certificate
  3. Setup Auto-renewal
  4. Check Certificate Status
  5. Delete Certbot Certificate

Step 1 : Install Certbot – Let’s Encrypt Client

At first, we need to install mod_ssl & epel-release:

sudo dnf install -y epel-release mod_ssl

If you’re using firewall, then open HTTPS port. I’m showing for firewalld:

# open port
firewall-cmd --permanent --add-port=443/tcp

# reload
firewall-cmd --reload

Now let’s install Certbot:

sudo dnf install certbot python3-certbot-apache

Step 2 : Generate SSL Certificate

We have the necessary modules to generate Let’s Encrypt SSL. To generate certificate for a single domain, run this command:

certbot --apache -d example.com

To generate SSL for multiple domains or subdomains, run this command:

certbot --apache -d example.com -d www.example.com

Here, example.com is the base domain.

You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:

certbot --apache

Choose one option and run that command what you needed. After successful installation, you will see a message similar to this message:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-10-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Step 3 : Setup Auto-renewal

We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:

certbot renew

We can also setup a cronjob to renew automatically. Open the cronjob:

crontab -e

Then add this line:

0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1

Step 4 : Check Certificate Status

We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

Step 5 : Delete Certbot Certificate

To delete the certificate we have to run this command:

# to select domain name
certbot delete

# directly assign domain name
certbot delete --cert-name example.com

The article is over. Thanks for reading.

Linux Server RHEL CentOS AlmaLinux

Software Engineer | Ethical Hacker & Cybersecurity...

Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethichal Hacking.

Random Stories

Laravel get Duplicate Values from the Collection

article

Laravel Eloquent updateOrCreate() Method

article

Laravel Exclude Route from CSRF Middlware

article

React Update State onChange in an Array of Objects using React Hooks

article

Laravel Socialite Login with Google Account With Breeze

article