Situatie
Today, we will show you, How to install Let’s Encrypt on CentOS 7 with Apache. Let’s Encrypt is a completely free and automated, new certificate authority developed by the Internet Security Research Group (ISRG) and recognized by all major browsers. They make it a breeze to set up TLS certificates for your web server. And for free! Let’s Encrypt is supported by major players like Mozilla, Akamai, Cisco, the EFF and managed by the Linux Foundation. Let’s Encrypt provides free, automatic and secure certificates. The website owners can easily obtain security certificates within minutes, enabling a safer web experience for all.In today’s tutorial we are going to learn how to install a Let’s Encrypt SSL certificate on CentOS 7 with Apache, and configure the certbot for automatic renewal.
Solutie
1. Update the system
As usual make sure the system is fully up to date before installing any packages:
# yum -y update
2. Install Apache
We are going to use Apache as our web server, install it using this command:
# yum -y install httpd
3. Install mod_ssl
Install mod_ssl as well as we are going to need it to configure our Let’s Encrypt SSL certificate:
# yum -y install mod_ssl
4. Configure Apache
Create a document root folder for your site:
# mkdir /var/www/test
Create a virtual host config file for your site by opening it with nano and then pasting the following contents inside:
# nano /etc/httpd/conf.d/test-site.conf <VirtualHost *:80> ServerAdmin admin@test.com DocumentRoot "/var/www/test" ServerName test.com ServerAlias www.test.com ErrorLog "/var/log/httpd/test.error_log" CustomLog "/var/log/httpd/test.access_log" common </VirtualHost>
Add a index.html file for testing purposes later with the following contents:
# nano /var/www/test/index.html It works!
Change owner of the “/var/www/test” directory to the apache user so Apache can read the directory:
# chown -R apache:apache /var/www/test
Remember to change “test” for your site’s name.
Now that we have Apache installed we can continue by installing certbot.
5. Install certbot
To install certbot first we need to make sure we have the EPEL repository enabled, to do that execute the following command:
# yum -y install epel-release
Make sure yum-utils is installed:
# yum -y install yum-utils
Then install certbot for Apache:
# yum -y install certbot-apache
Now that we have certbot installed, run certbot with the following command:
# certbot-apache
Certbot will ask you for the names you would like to activate HTTPS for:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: test.com 2: www.test.com ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Press enter to continue and then optionally if you want you can redirect your sites to HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
If everything goes well you should see the following output:
------------------------------------------------------------------------------- Congratulations! You have successfully enabled https://test.com and https://www.test.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=test.com https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com -------------------------------------------------------------------------------
6. Configure automatic renewal
Now we are going to add a cronjob so our Let’s Encrypt SSL certificates can be renewed automatically.
First run the following command so we can have nano as the default editor:
# export EDITOR=/bin/nano
Then execute the following command to edit the crontab:
# crontab -e
Let’s Encrypt recommends the automatic renew cronjob to run twice a day, to do that add the following line and then save and exit the crontab:
* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
Now you should have successfully installed and configured Let’s Encrypt with Apache.
Leave A Comment?