Install Let's Encrypt SSL on CentOS 7
Let’s Encrypt is a free, automated, and open certificate authority developed by the Internet Security Research Group and recognized by all major browsers. If you have a limited budget and can’t afford to buy a certificate, you can install a Let’s Encrypt certificate instead. In this tutorial we will learn how to install a Let’s Encrypt SSL certificate using certbot on CentOS 7.
Step 1: Install Apache and mod_ssl
First we will update the packages using yum and install Apache if it is not already installed.
[root@localhost ~]# yum update
[root@localhost ~]# yum install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# yum install mod_ssl openssl
Step 2: Configure Apache
We need to create a new Apache configuration file. We can create it with the following command.
vi /etc/httpd/conf.d/example.conf
Add the content below to that file (sample vhost file):
<VirtualHost *:80>
ServerAdmin admin@domain.com
DocumentRoot "/var/www/html/example.com"
DirectoryIndex index.html
ServerName example.com
ServerAlias www.example.com
ErrorLog "/var/log/httpd/example.com.error_log"
CustomLog "/var/log/httpd/example.com.access_log" common
<Directory "/var/www/html/example.com">
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Replace the domain name, paths, etc. according to your setup.
Now restart the Apache service once:
systemctl restart httpd
Step 3: Install certbot
Before installing certbot, we need to make sure we have the EPEL repository enabled.
[root@localhost ~]# yum install epel-release
Now install certbot using the following command.
[root@localhost ~]# yum install certbot-apache
Once certbot is installed, run it with the following command.
certbot --apache
Certbot will ask which names you would like to activate HTTPS for.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Press Enter to continue. Optionally, you can then choose to redirect your sites to HTTPS.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2
When it succeeds, it displays output like the following.
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://example.com and https://www.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
Step 4: Renew Let’s Encrypt Certificate
By default, Let’s Encrypt certificates are valid for 90 days, so it is recommended to renew the certificate before it expires. We can test the renewal process manually with the following command.
certbot renew --dry-run
The certbot renew command checks the currently installed certificates and tries to renew any that are less than 30 days away from their expiration date; with --dry-run it only simulates the renewal and saves nothing.
Let’s Encrypt recommends running the automatic renewal cron job twice a day.
crontab -e
Add the line below to the crontab (minute 0 of every 12th hour, which is twice a day):
0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
Save and exit the file.
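The cron entry above discards certbot's output, so a failed renewal goes unnoticed until the certificate expires. The following check is an added example, not part of the original tutorial: it flags any certificate with fewer than 30 days left, which certbot should already have renewed. It assumes certbot's default /etc/letsencrypt/live/<name>/cert.pem layout; the function names are hypothetical, and make_demo_cert only builds constructed self-signed certificates for trying the check offline.

```shell
# Added example: flag certificates that certbot should already have renewed.
# Assumption: certbot's default layout, /etc/letsencrypt/live/<name>/cert.pem.
# Function names are hypothetical.

# cert_status FILE [DAYS] -> prints ok | overdue | unreadable
cert_status() {
    local file="$1" days="${2:-30}"
    # A missing or non-PEM file must never be reported as healthy.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend exits 0 only if the cert is still valid N seconds from now.
    elif openssl x509 -in "$file" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo ok
    else
        echo overdue
    fi
}

# audit_live_dir [DIR] [DAYS] -> one line per lineage.
# Returns 0 if all are ok, 1 if any is overdue/unreadable, 2 if none were found.
audit_live_dir() {
    local dir="${1:-/etc/letsencrypt/live}" days="${2:-30}" rc=0 found=0 cert status
    for cert in "$dir"/*/cert.pem; do
        [ -e "$cert" ] || continue          # glob matched nothing
        found=1
        status=$(cert_status "$cert" "$days")
        echo "$(basename "$(dirname "$cert")"): $status"
        [ "$status" = ok ] || rc=1
    done
    [ "$found" -eq 1 ] || { echo "no certificates under $dir"; return 2; }
    return "$rc"
}

# make_demo_cert DIR NAME DAYS -> constructed self-signed certificate,
# only for trying the check offline; not a Let's Encrypt certificate.
make_demo_cert() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days "$3" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/cert.pem" >/dev/null 2>&1
}
```

Run audit_live_dir as root from its own cron entry or monitoring agent and alert on a non-zero exit status.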
Now you have successfully installed and configured Let’s Encrypt with Apache on a CentOS 7 system.