Hamsa K
6 min read | 3 years ago

How to Install Lets Encrypt with Apache on Centos 7

Install Let's encrypt ssl on centos 7

Let’s Encrypt is a free, automated, and open certificate authority developed by the Internet Security Research Group and recognized by all major browsers.if you have a limited budget and you can’t afford to buy a certificate then you can install lets encrypt certificate to save those days.In this tutorial we will learn how to install let's encrypt ssl certificate using certbot in centos 7.

Step 1: Install Apache and mod_ssl

 First we will update packages using yum and install apache if you don't have previously installed.

[root@localhost ~]# yum update
[root@localhost ~]# yum install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# yum install mod_ssl openssl

Step 2: configure apache

we need to create a new Apache configuration file. We can create it with the following command.

vi /etc/httpd/conf.d/example.conf

Add below content to above file (sample vhost file)

<VirtualHost *:80>
    ServerAdmin admin@domain.com
    DocumentRoot "/var/www/html/example.com"
    DirectoryIndex index.html
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog "/var/log/httpd/example.com.error_log"
    CustomLog "/var/log/httpd/example.com.access_log" common
 <Directory "/var/www/html/example.com">
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all Granted

Replace your domain name and paths etc according to your setup.

Now restart apache service once

systemctl restart httpd

Step 3: Install certbot

Before installing certbot, we need to make sure we have the EPEL repository enabled.

[root@localhost ~]# yum install epel-release

Now install certbot using following command

[root@localhost ~]# yum install certbot-apache

once certbot is installed, run certbot with the following command

certbot --apache

Certbot will ask you for the names you would like to activate HTTPS 

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

Press enter to continue and then as optional if you want you can redirect your sites to HTTPS.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2

then its finally success then it will display like below

Congratulations! You have successfully enabled
https://example.com and https://www.example.com
You should test your configuration at:

Step 4: Renew Let’s Encrypt Certificate

By default, Let’s Encrypt certificates are valid for 90 days, so it is recommended to renew the certificate before it expires.We can test the renewal process manually with the following command.

certbot renew --dry-run

The above command will automatically check the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date.

Let’s Encrypt recommends the automatic renew cronjob to run twice a day.

crontab -e

add below line to above file

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

save and exit the file.

Now you have successfully installed and configured Let’s Encrypt with Apache on centos 7 system.


Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy