Today's tutorial shows how to easily install and configure Certbot (Let's Encrypt) for Apache on CentOS 7 and set up automatic certificate renewal.
First, install Certbot.
This assumes that CentOS is already installed properly. We have to enable EPEL (Extra Packages for Enterprise Linux) before installing Certbot.
The command is:
$ yum install epel-release
After that, we install Certbot together with its Apache plugin.
$ yum install certbot python2-certbot-apache mod_ssl
Execute Certbot to Install SSL for Domain
Simply run the following command.
$ certbot --apache -d domain.com
You can also install a single certificate for multiple domains and subdomains hosted on the server by repeating the '-d' flag, like this.
$ certbot --apache -d domain.com -d www.domain.com -d domain2.com -d test.domain2.com
You will be asked to enter an email address.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):[email protected]
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/domain.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/domain.com-le-ssl.conf
Type Y and hit [Enter], and you should see the output below.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Explanation:
Option 1: it will only download an SSL certificate, and you need to configure Apache manually to use the SSL certificate.
Option 2: it will automatically download the SSL certificate and configure Apache to use it.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations!
You have successfully enabled https://domain.com
Check Your SSL Certificate
Open your web browser and type the URL https://domain.com.
Setting Automatic Renewal.
A Let's Encrypt certificate is valid for 90 days, so it is recommended to renew the certificate before it expires. We can test the renewal process manually with the following command.
$ certbot renew --dry-run
Run without --dry-run, the renew command automatically checks the currently installed certificates and tries to renew them if they are less than 30 days away from expiration.
To run it automatically, edit the crontab with the following command.
$ crontab -e
Add the following line:
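# In root's crontab: run at minute 0 of every 12th hour (a crontab opened with "crontab -e" has no user field)
0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1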
Save and close the file. That is a simple article about Certbot, Let's Encrypt and Apache on CentOS 7. Please feel free to comment. I hope it is useful.
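
The cron entry above sends all of certbot's output to /dev/null, so a renewal that keeps failing goes unnoticed until the certificate expires. The script below is an added example, not part of the original tutorial: it reads the text printed by `certbot certificates` and lists certificates that are invalid or close to expiry. The function names, the 30-day default and the sample output (including old.domain.com and all dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): report certificates that are invalid
# or close to expiry, based on the text printed by `certbot certificates`.

# Constructed sample of `certbot certificates` output; old.domain.com and all
# dates are made up for illustration.
sample_certbot_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: domain.com
    Domains: domain.com www.domain.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
  Certificate Name: domain2.com
    Domains: domain2.com test.domain2.com
    Expiry Date: 2030-01-13 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/domain2.com/fullchain.pem
  Certificate Name: old.domain.com
    Domains: old.domain.com
    Expiry Date: 2029-12-20 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.domain.com/fullchain.pem
EOF
}

# expiring_certs [MIN_DAYS]: read certbot output on stdin and print
# "name<TAB>status" for every certificate with fewer than MIN_DAYS days left
# (default 30) or with any status other than "VALID: N day(s)".
expiring_certs() {
    awk -v min="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)      # drop everything up to the first "("
            sub(/\)[ \t\r]*$/, "", status)   # drop the closing ")"
            if (status ~ /^VALID: [0-9]+ days?$/) {
                split(status, f, " ")
                if (f[2] + 0 >= min + 0) next   # enough time left, stay quiet
            }
            print name "\t" status
        }'
}

# Demo on the sample; on a server: certbot certificates 2>/dev/null | expiring_certs 30
sample_certbot_output | expiring_certs 30
```

Run from cron without the /dev/null redirect, this check prints something only when a certificate needs attention.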