CentOS 7 Install Let’s Encrypt SSL on Apache Server

In this tutorial, we are going to set up a free SSL certificate (Let’s Encrypt) on a CentOS 7 server running Apache as the web server.

Prerequisites

  • Root access to the server, or a user with sudo privileges.
  • Properly configured domain and vhost.

If you have these prerequisites, then let’s start.

Table of Contents

  1. Install Dependencies
  2. Install Certbot – Let’s Encrypt Client
  3. Generate SSL Certificate
  4. Setup Auto-renewal
  5. Check Certificate Status
  6. Delete Certbot Certificate

Step 1 : Install Dependencies

To install Certbot, we need to install the EPEL repository and mod_ssl. Run this command to install both:

sudo yum install -y epel-release mod_ssl

Step 2 : Install Certbot – Let’s Encrypt Client

From the EPEL repository, let’s install the Certbot client:

sudo yum install -y python-certbot-apache

Step 3 : Generate SSL Certificate

We now have the modules needed to generate a Let’s Encrypt SSL certificate. To generate a certificate for a single domain, run this command:

sudo certbot --apache -d example.com

To generate SSL for multiple domains or subdomains, run this command:

sudo certbot --apache -d example.com -d www.example.com

Here, example.com is the base domain.

You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:

sudo certbot --apache

Choose whichever of these options you need and run that command. After a successful installation, you will see a message similar to this:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-10-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Step 4 : Setup Auto-renewal

We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:

sudo certbot renew

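We can also set up a cron job to renew automatically. Renewal needs root, so open root's crontab:

sudo crontab -e

Then add this line, which runs the renewal every Monday at midnight and logs both output and errors:

0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log 2>&1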

Step 5 : Check Certificate Status

We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com
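
The SSL Labs test is run by hand, so a failing renewal job can go unnoticed until the certificate expires. The following is an added example, not part of the original tutorial: a local check that reads the expiry date from the certificate file saved in Step 3. The function name cert_status and the 21-day threshold are assumptions; Certbot by default renews a certificate once it has less than 30 days left, so a certificate below the threshold means the weekly job has been failing.

```shell
#!/bin/sh
# Added example: report how close a certificate is to expiry.
# cert_status FILE [MIN_DAYS]
#   prints one status line and returns
#   0 = healthy, 1 = expired or inside the MIN_DAYS window, 2 = cannot be checked
# The body runs in a subshell "( ... )" so its variables stay local.
cert_status() (
    cert="$1"
    min_days="${2:-21}"    # assumed threshold, below Certbot's 30-day renewal window

    if [ ! -r "$cert" ]; then
        echo "UNKNOWN: cannot read $cert"
        return 2
    fi

    # -enddate prints "notAfter=<date>"; a non-zero exit means the file is not a PEM certificate
    if ! not_after=$(openssl x509 -noout -enddate -in "$cert" 2>/dev/null); then
        echo "UNKNOWN: $cert is not a valid PEM certificate"
        return 2
    fi
    not_after=${not_after#notAfter=}

    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null; then
        echo "CRITICAL: $cert expired on $not_after"
        return 1
    fi
    if ! openssl x509 -noout -checkend $((min_days * 86400)) -in "$cert" >/dev/null; then
        echo "WARNING: $cert expires on $not_after (under $min_days days left, renewal is not working)"
        return 1
    fi

    echo "OK: $cert valid until $not_after"
    return 0
)

# When called with arguments, check that file, for example:
#   sudo sh check-cert.sh /etc/letsencrypt/live/example.com/fullchain.pem 21
# (check-cert.sh is a hypothetical file name; example.com is the tutorial's placeholder domain)
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

The exit status makes it usable from root's crontab or a monitoring agent: anything other than 0 should raise an alert.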

Step 6 : Delete Certbot Certificate

To delete the certificate, run one of these commands:

# to select domain name
sudo certbot delete

# directly assign domain name
sudo certbot delete --cert-name example.com

The article is over. Thanks for reading.


Software Engineer | Ethical Hacker & Cybersecurity...

Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethical Hacking.