CentOS 7 Install Let’s Encrypt SSL on Apache Server
In this tutorial, we are going to set up free SSL (Let’s Encrypt) on CentOS 7 server running Apache as a web server.
Prerequisites
- Root access to the server as
sudo
. - Properly configured domain and vhost.
If you have these prerequisites, then let’s start.
Table of Contents
- Install Dependencies
- Install Certbot – Let’s Encrypt Client
- Generate SSL Certificate
- Setup Auto-renewal
- Check Certificate Status
- Delete Certbot Certificate
Step 1: Install Dependencies
To install Certbot, we need to install the EPEL repository and mod_ssl
. Run this command to install both:
Step 2 : Install Certbot – Let’s Encrypt Client
From EPEL repository, let’s install the Certbot client:
Step 3 : Generate SSL Certificate
We have the necessary modules to generate Let’s Encrypt SSL. To generate a certificate for a single domain, run this command:
To generate SSL for multiple domains or subdomains, run this command:
Here, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
Choose one option and run that command what you needed. After successful installation, you will see a message similar to this message:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-10-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Step 4 : Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
We can also setup a cronjob to renew automatically. Open the cronjob:
Then add this line:
Step 5 : Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
Step 6 : Delete Certbot Certificate
To delete the certificate we have to run this command:
The article is over. Thanks for reading. ?