Hello. In this tutorial, you will learn how to install a TLS/SSL certificate on the Apache web server. When you are done, all data exchanged between the server and the client is encrypted. This is the security standard for e-commerce and online finance websites. Let’s Encrypt leads in free SSL deployment and serves as the certificate provider in this case.
Before you start, you need to prepare:
- SSH access to a CentOS 7 VPS. You can use PuTTY.
- An Apache web server with the correct domain and vhost configuration
Install the necessary modules
To install certbot, you first have to install the EPEL repository, because it is not enabled by default. mod_ssl is also required so that Apache can serve encrypted connections.
To install both of these components, run the following command:
yum install epel-release mod_ssl
Now you can continue and install certbot.
Download the Let’s Encrypt client
Next, you will install the certbot client from the EPEL repository:
yum install python-certbot-apache
Certbot is now installed and ready to use.
Install SSL certificate
Certbot makes managing the SSL certificate easy: it creates a new certificate for the domain passed as a parameter.
In this example, example.com is the domain for which the certificate will be issued:
certbot --apache -d example.com
If you want to create SSL for multiple domains or subdomains, run the following command:
certbot --apache -d example.com -d www.example.com
IMPORTANT! The first domain will be your base domain, in this case example.com
When installing the certificate, you are guided step by step through the certificate details. You can also choose between forcing HTTPS or keeping HTTP as the default protocol, and you are asked to provide an email address for security notices.
When the installation is complete, you will receive a similar message:
Automatic renewal of the certificate
Let’s Encrypt certificates are valid for 90 days, but web developers generally recommend renewing them every 60 days to avoid any errors. Certbot helps with this through its renew command, which checks whether a certificate is less than 30 days from its expiration date.
Run the following command to do this:
certbot renew
If the certificate is newly installed, certbot only checks the expiration date:
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
To renew automatically, you need to add a cron job. First, open the crontab:
crontab -e
This job will run every Monday night:
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
The output of the script is stored in the /var/log/sslrenew.log file.
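To confirm that the cron job is actually keeping the certificate fresh, you can check the certificate file itself against the 30-day renewal window. The script below is an added example, not part of the original tutorial or of certbot; the function name cert_status, its status words and its exit codes are choices made for this example, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: report whether a certificate is inside the 30-day renewal
# window that "certbot renew" acts on. Exit codes (chosen for this example):
#   0 = OK, 1 = inside the window (renewal overdue),
#   2 = already expired, 3 = missing or not a parseable certificate.

RENEW_WINDOW_DAYS=30   # the 30-day window described in the tutorial

cert_status() {
    cs_pem="$1"
    cs_days="${2:-$RENEW_WINDOW_DAYS}"

    # Reject missing files and anything openssl cannot parse as X.509.
    if [ ! -r "$cs_pem" ] || ! openssl x509 -noout -in "$cs_pem" >/dev/null 2>&1; then
        echo "UNREADABLE $cs_pem"
        return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cs_pem" >/dev/null 2>&1; then
        echo "EXPIRED $cs_pem"
        return 2
    fi
    if ! openssl x509 -noout -checkend $((cs_days * 86400)) -in "$cs_pem" >/dev/null 2>&1; then
        # A healthy renewal job should never leave a certificate in this state for long.
        echo "RENEWAL_OVERDUE $cs_pem ($(openssl x509 -noout -enddate -in "$cs_pem"))"
        return 1
    fi
    echo "OK $cs_pem ($(openssl x509 -noout -enddate -in "$cs_pem"))"
    return 0
}

# Example call, using the path from the renew output above:
#   cert_status /etc/letsencrypt/live/example.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

A RENEWAL_OVERDUE or EXPIRED result means the renewal job has not done its work, and /var/log/sslrenew.log is the first place to look.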