How to install Let’s Encrypt SSL On Web Server running CentOS 7

Hello, In this tutorial, you will learn the TLS / SSL certificate installation process on the Apache web server. When you are done, all data connections from the server and client are encrypted. This is a secure standard of e-commerce and online finance websites. Let’s Encrypt takes the lead in free SSL deployment and serves as a certificate provider in this case.

Let's Encrypt

Before you start, you need to prepare:

  • SSH access to CentOS 7 VPS. You can use Putty.
  • Apache web server has the correct domain and vhost configuration

 Install the necessary modules

To install certbot  you will have to install EPEL  repository because it is not installed by default, mod_ssl is also required for encryption to be recognized on Apache.

To install both of these components, run the following command:

yum install epel-release mod_ssl

Now you can continue and install certbot.

Download the client Let’s Encrypt client

Next, you will install the certbot client from the EPEL repository:

yum install python-certbot-apache

The certbot will be installed and ready to use.

Install SSL certificate

Certbot will manage the SSL certificate easily, it will create a new certificate for the domain as a parameter.

In that case, will be used as the domain to which the certificate will be issued:

certbot --apache -d

If you want to create SSL for multiple domains or subdomains, run the following command:

certbot --apache -d -d

IMPORTANT! The first domain will be your base domain, in this case

When installing the certificate you will be given a step-by-step guide to easily edit the details of the certificate. You also have the choice between forcing HTTPS or HTTP as the default protocol, as well as issuing email addresses for security issues.

When the installation is complete, you will receive a similar message:

successfully message

Automatic renewal of the certificate

Let’s Encrypt certificate has a validity of 90 days, but every web developer recommends that you extend it for 60 days to avoid any errors. To do this, certbot will help you with its renew command. It will check the certificate for less than 30 days from the expiration date.

Run the following command to do this:

certbot renew

If the certificate is newly installed, certbot will only check for expiration date:

Processing /etc/letsencrypt/renewal/

Theo sau certição do not due for renewal yet:
  /etc/letsencrypt/live/ (skipped)
Không renewals were attempted.

To auto-renew, you need to install cronjob. First, open crontab:

crontab -e

This job will run every Monday night:

0 / * 1 / usr / bin / certbot renew >> /var/log/sslrenew.log

The output of the script is stored in the /var/log/sslrenew.log file.

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *