How to install Let’s Encrypt SSL On a Apache Webserver running CentOS 7

In the previous article, we showed you how to install Let’s Encrypt certificate on CentOS 7 server using Nginx web server. This article will guide the installation of Let’s Encrypt certificate on CentOS 7 server using Apache web server.

How to Install Let's Encrypt on CentOS 7 with Apache

What do you need to install?

Before starting, you will need to prepare:

  • A CentOS 7 VPS running Apache web server
  • Putty or Tunerlier for connecting SSH

Step 1 – Required modules settings

To install certbot  you will have to install EPEL  repository because it is not installed by default, mod_ssl is also needed for encryption to be identified on Apache.

To install both components, run the following command:

yum install epel-release mod_ssl

Now you can continue and install certbot.

Step 2 – Download the Let’s Encrypt client

Next, you will install the certbot client from EPEL repository:

yum install python-certbot-apache

certbot will be installed and ready for real use.

Step 3 – Install SSL certificate

Certbot will manage the SSL certificate easily, it will create a new certificate for the domain as a parameter.

In this case, example.com will be used as the domain where the certificate will be issued:

certbot --apache -d example.com

If you want to create SSL for multiple domains or subdomains, run the following command:

certbot --apache -d example.com -d www.example.com

IMPORTANT! The first domain name will be your domain name, in this case example.com

When installing the certificate you will be given a step-by-step guide so you can easily edit the details of the certificate. You are also given the option to force HTTPS to run or to leave HTTP as the default protocol, which also provides an email address for security.

When the installation is complete, you will receive an IMPORTANT NOTES

Step  4 – Install automatically renew for the certificate

Let’s Encrypt certificate has a validity of 90 days, but every web developer advises you to extend it for 60 days to avoid any errors. To do this, the certbot will help you with its renew command. It will check whether the certificate has less than 30 days from expiration.

Run the following command to do this:

certbot renew

If the certificated has just been installed, certbot will only check the expiration date:

Processing /etc/letsencrypt/renewal/example.com.conf

The following certs are not due for renewal yet:

/etc/letsencrypt/live/example.com/fullchain.pem (skipped)

No renewals were attempted.

To automatically renew, you need to install cronjob. First open crobtab:

crontab -e

The results of the script will be saved in the /var/log/sslrenew.log file.

Need helps, please leave a comment below this post. Thank you!

About the Author: admin

You might like

Leave a Reply

Your email address will not be published. Required fields are marked *