In the previous article, we showed you how to install Let’s Encrypt certificate on CentOS 7 server using Nginx web server. This article will guide the installation of Let’s Encrypt certificate on CentOS 7 server using Apache webserver.
What do you need to install?
Before starting, you will need to prepare:
- A CentOS 7 VPS running Apache webserver
- Putty or Tunerlier for connecting SSH
Step 1 – Required modules settings
To install certbot you will have to install EPEL repository because it is not installed by default, mod_ssl is also needed for encryption to be identified on Apache.
To install both components, run the following command:
yum install epel-release mod_ssl
Now you can continue and install certbot.
Step 2 – Download the Let’s Encrypt client
Next, you will install the certbot client from EPEL repository:
yum install python-certbot-apache
certbot will be installed and ready for real use.
Step 3 – Install SSL certificate
Certbot will manage the SSL certificate easily, it will create a new certificate for the domain as a parameter.
In this case, example.com will be used as the domain where the certificate will be issued:
certbot --apache -d example.com
If you want to create SSL for multiple domains or subdomains, run the following command:
certbot --apache -d example.com -d www.example.com
IMPORTANT! The first domain name will be your domain name, in this case example.com
When installing the certificate you will be given a step-by-step guide so you can easily edit the details of the certificate. You are also given the option to force HTTPS to run or to leave HTTP as the default protocol, which also provides an email address for security.
When the installation is complete, you will receive an IMPORTANT NOTES
Step 4 – Install automatically renew for the certificate
Let’s Encrypt certificate has a validity of 90 days, but every web developer advises you to extend it for 60 days to avoid any errors. To do this, the certbot will help you with its renew command. It will check whether the certificate has less than 30 days from expiration.
Run the following command to do this:
certbot renew
If the certificated has just been installed, certbot will only check the expiration date:
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
To automatically renew, you need to install cronjob. First open crobtab:
crontab -e
The results of the script will be saved in the /var/log/sslrenew.log file.
Need helps, please leave a comment below this post. Thank you!
