How to Install Let’s Encrypt with Apache on CentOS 7


In this tutorial, we will show you how to set up the Let’s Encrypt client on your CentOS 7 VPS and issue an SSL certificate for your domain.

Improving your website security through SSL encryption can increase your visitors’ trust in your website. In the past, setting up SSL encryption on a website was a complicated process. However, Let’s Encrypt is a free and open source certificate authority (CA) that allows obtaining and installing certificates through simple, automated commands. Thanks to them, setting up encryption and increasing the security of your site is made a lot easier. Let’s Encrypt provides a valid SSL certificate for your domain at no cost and can be used for production/commercial use as well.

Let’s start with the installation. It’s a simple installation, and it won’t take long at all.


Prerequisites

Step 1: Connect via SSH and Update the OS

Connect to your server via SSH as the root user using the following command:

ssh root@IP_ADDRESS -p PORT_NUMBER

Remember to replace “IP_ADDRESS” and “PORT_NUMBER” with your server’s respective IP address and SSH port number.

Before starting with the installation, you will need to update your OS packages to their latest versions. It’s easy to do, and it won’t take more than a few minutes.

You can do this by running the following command:

yum update

Once the updates are completed, we can move on to the next step.

Step 2: Install LAMP Stack

We need to install the LAMP stack on the server. It consists of Linux (which we already have), Apache, MySQL, and PHP. We can install it by running the following command:

yum install httpd mariadb-server php php-cli php-common

Once all the packages are installed, start the Apache and MariaDB services:

systemctl start httpd
systemctl start mariadb

Enable them to start on server boot with the following command:

systemctl enable httpd
systemctl enable mariadb

Step 3: Configure Apache

We need to create a new Apache configuration file. We can create it with the following command:

nano /etc/httpd/conf.d/domain.com.conf

Add the following lines:

<VirtualHost *:80>
    # Placeholder address: replace with your own administrator e-mail
    ServerAdmin admin@domain.com
    DocumentRoot "/var/www/html"
    DirectoryIndex index.html
    ServerName domain.com
    ErrorLog "/var/log/httpd/domain.com.error_log"
    CustomLog "/var/log/httpd/domain.com.access_log" common
</VirtualHost>

Save and close the file.

Then, create an index.html file for testing purposes with the following command:

nano /var/www/html/index.html

Add the following lines:

<html>
Test - Welcome to The Apache Web Server.
</html>

Save the file and change the owner of the ‘/var/www/html/index.html’ file to the Apache user so Apache can read the file:

chown -R apache:apache /var/www/html/index.html

Remember to change domain.com to your actual domain name.
Now that we have Apache installed, we can proceed and install Certbot.

Step 4: Install Certbot

We need to install Certbot and enable the mod_ssl Apache module on the server. Certbot is a simple and easy to use tool that simplifies server management by automating obtaining certificates and configuring web services to use them.

By default, the Certbot package is not available in the CentOS 7 default OS repository. We need to enable the EPEL repository, then install Certbot.

To add the EPEL repository, run the following command:

yum install epel-release

Once enabled, install all the required packages with the following command:

yum install certbot python2-certbot-apache mod_ssl

Once installed, we can proceed to the next step.

Step 5: Obtain and Install SSL for Your Domain

Now that Certbot is installed, you can use it to obtain and install an SSL certificate for your domain.

Simply run the following command to obtain and install an SSL certificate for your domain:

certbot --apache -d domain.com

We can also install a single certificate for multiple domains and subdomains hosted on the server with the ‘-d’ flag, e.g.:

certbot --apache -d domain.com -d www.domain.com -d domain2.com -d test.domain2.com

We will be asked to provide an email address and agree to the terms of service.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/domain.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/domain.com-le-ssl.conf

Type Y and hit [Enter], and you should see the following output:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Here, you need to choose one of the options to proceed. If you choose option 1, it will only download an SSL certificate and you need to configure Apache manually to use the SSL certificate. If you choose option 2, it will automatically download and configure Apache to use the SSL certificate. In this case, choose option 2 and hit [Enter]. When the installation is successfully finished, you will see a message similar to this:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://domain.com
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.com-0001/privkey.pem
Your cert will expire on 2019-10-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The generated certificate files are available in the /etc/letsencrypt/live/domain.com directory. You can check the newly created SSL certificate with the following command:

ls /etc/letsencrypt/live/domain.com/

You should see the following output:

cert.pem chain.pem fullchain.pem privkey.pem

Step 6: Check Your SSL Certificate

Open your web browser and type the URL https://domain.com. To check the SSL certificate in Chrome, click on the padlock icon in the address bar for https://domain.com and from the pop-up box, click on ‘Valid’ under the ‘Certificate’ prompt.

Step 7: Set Up Automatic Renewal

By default, Let’s Encrypt certificates are valid for 90 days, so it is recommended to renew the certificate before it expires. Ideally, it would be best to automate the renewal process to periodically check and renew the certificate.

We can test the renewal process manually with the following command.

certbot renew --dry-run

The renew command checks the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date; with --dry-run it performs a test renewal without replacing the installed certificates.

We can also add a cronjob to automatically run the renew command twice a day.

To do so, edit the crontab with the following command:

crontab -e

Add the following line. Entries added with crontab -e have no user field; the job runs as the user who owns the crontab (here, root), at minute 0 of every twelfth hour:

0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

Save and close the file.
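Because the cron entry discards all output, a failed renewal goes unnoticed until the certificate expires. The script below is an added example, not part of the original tutorial: it reads the certificate's expiry date and reports when the remaining lifetime shows that renewals have stopped working. The certificate path, the ALERT_DAYS threshold and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): expiry monitor for the Step 5 certificate.
# Assumptions: GNU date and openssl are installed; CERT uses the tutorial's
# domain.com placeholder; ALERT_DAYS is a threshold chosen for this example.
CERT="${CERT:-/etc/letsencrypt/live/domain.com/cert.pem}"
# certbot renews once fewer than 30 days remain, so a host whose cron job works
# never gets far below 30. Dropping under 25 means renewals are failing.
ALERT_DAYS=25

# cert_not_after FILE: print the notAfter date, e.g. "Oct 22 10:00:00 2019 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# secs_left NOT_AFTER [NOW_EPOCH]: seconds from now until the certificate expires.
secs_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( end - now ))
}

# classify SECONDS: map the remaining lifetime to a monitoring state.
classify() {
    if [ "$1" -le 0 ]; then echo EXPIRED
    elif [ "$1" -lt $(( ALERT_DAYS * 86400 )) ]; then echo RENEWAL_OVERDUE
    else echo OK
    fi
}

# check_cert FILE: print one status line; non-zero exit unless the state is OK.
check_cert() {
    na=$(cert_not_after "$1")
    [ -n "$na" ] || { echo "$1: cannot read certificate" >&2; return 2; }
    left=$(secs_left "$na") || return 2
    state=$(classify "$left")
    echo "$1: $state, $(( left / 86400 )) days left (notAfter=$na)"
    [ "$state" = OK ]
}

# Check the deployed certificate when it is readable (live/ requires root).
if [ -r "$CERT" ]; then check_cert "$CERT"; fi
```

Run it from a separate cron entry or a monitoring agent that alerts on a non-zero exit status, so a broken renewal job is noticed weeks before the certificate expires.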

Congratulations! We have successfully installed and configured Let’s Encrypt with Apache on a CentOS 7 VPS.


Of course, you don’t have to install Let’s Encrypt on CentOS 7 if you use one of our managed CentOS hosting plans, in which case you can simply ask our expert Linux admins to install Let’s Encrypt on your CentOS 7 VPS for you. They are available 24×7 and will take care of your request immediately.
