habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Easy Install and Configure Certbot Lets Encrypt Apache on Centos 7

3 min read

Tutorial today, how to easy Install and Configure Certbot Lets Encrypt Apache on Centos 7 and auto renewal cert.

At First, Install Certbot.

Assume that you have installed Centos OS properly. By default, we have to enable EPEL (Extra Packages for Enterprise Linux) before install certbot.

The command is:

$ yum install epel-release

After that, we jumpt to install certbot apache.

$ yum install certbot python2-certbot-apache mod_ssl

Execute Certbot to Install SSL for Domain

Simply run the following command.

$ certbot --apache -d domain.com

 also install a single certificate for multiple domains and subdomains hosted on the server with the ‘-d’ flag like this.

$ certbot --apache -d domain.com -d www.domain.com -d domain2.com -d test.domain2.com

Commonly, we will be asked to enter an email address.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):[email protected]
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/domain.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/domain.com-le-ssl.conf

Type Y and hit [Enter], and you should see the output below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this fornew sites, or if you're confident your site works on HTTPS. You can undo thischange by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Explanation:

  • Option 1: it will only download an SSL certificate and you need to configure Apache manually to use SSL certificate.
  • Option 2: it will automatically download and configure Apache to use SSL certificate.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Congratulations!
You have successfully enabled <a href="https://domain.com/">https://domain.com</a>

Check Your SSL Certificate

Open your web browser and type the URL https://domain.com.

See also  Install Mod JK Status Apache Tomcat in Ubuntu 20.04 - Part II

Setting Automatic Renewal.

Validity certbot is 90 days. so it is recommended to renew the certificate before it expires. We can test the renewal process manually with the following command.

certbot renew --dry-run

command above will automatically check the currently installed certificates and then tries to renew them if they are less than 30 days away from the expiration.

For doing this, edit the crontab with the following command.

crontab -e

Add the following line:

* */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1

Save and close the file. That is simple article about certbot lets encrypt apache centos 7. Please feel free for comment. Maybe usefull.


habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Ansible Ubuntu 20.04

Introduction Ansible is an open-source automation tool that simplifies configuration management, application deployment, and task automation. It is designed to be simple, lightweight, and...
habibzain
1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *

Never miss good article from us, get weekly updates in your inbox