Let’s Encrypt on CentOS 7 with Apache
As usual, make sure the system is fully up to date before installing any packages:
# yum -y update
We are going to use Apache as our web server. Install it with this command:
# yum -y install httpd
Install mod_ssl as well, since we need it to configure our Let’s Encrypt SSL certificate:
# yum -y install mod_ssl
Configure Apache:
Create a document root folder for your site:
# mkdir /var/www/test
Create a virtual host config file for your site with the following contents:
# nano /etc/httpd/conf.d/test-site.conf
<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/test"
ServerName test.com
ServerAlias www.test.com
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>
Add an index.html file, for testing purposes later, with the following contents:
# nano /var/www/test/index.html
It works!
Change owner of the “/var/www/test” directory to the apache user so Apache can read the directory:
# chown -R apache:apache /var/www/test
Install certbot:
To install certbot, we first need the EPEL repository enabled. To do that, execute the following command:
# yum -y install epel-release
Make sure yum-utils is installed:
# yum -y install yum-utils
Then install certbot for Apache:
# yum -y install certbot-apache
Now that we have certbot installed, run certbot with the following command:
certbot --apache -d domain.com
We can also install a single certificate for multiple domains and subdomains hosted on the server with the ‘-d’ flag, e.g.:
certbot --apache -d domain.com -d www.domain.com -d domain2.com -d test.domain2.com
The generated certificate files are available in the /etc/letsencrypt/live/domain.com directory. You can check the newly created SSL certificate with the following command:
ls /etc/letsencrypt/live/domain.com/
Check your SSL certificate (replace the domain in the URL with your own):
https://www.ssllabs.com/ssltest/analyze.html?d=underhood.co.in
Set up Automatic Renewal:
By default, Let’s Encrypt certificates are valid for 90 days, so it is recommended to renew the certificate before it expires. Ideally it would be best to automate the renewal process to periodically check and renew the certificate.
We can test the renewal process manually with the following command.
certbot renew --dry-run
certbot renew checks the currently installed certificates and tries to renew any that are less than 30 days away from the expiration date. With --dry-run it only simulates the renewal and does not save any certificates.
We can also add a cron job to run certbot renew automatically twice a day.
To do so, edit the crontab with the following command:
crontab -e
Add the following line:
0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
Save and close the file.
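The cron entry above discards certbot's output, so a failing renewal goes unnoticed until the certificate expires. As an added example (not part of the original tutorial), this script reads a certificate's expiry date and reports when it is past the 30-day renewal point. The 20-day alert threshold and the script name check-cert.sh are assumptions, and it relies on GNU date.

```bash
#!/bin/bash
# Added example (not from the original page): report when a certificate has
# passed certbot's 30-day renewal point, i.e. the renewal cron job is failing.

RENEW_DAYS=30   # certbot renews below this many days (stated on the page)
ALERT_DAYS=20   # assumption: treat renewal as overdue below this many days

# Print the notAfter date of a PEM certificate, e.g. "Jun  1 12:00:00 2025 GMT".
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | cut -d= -f2
}

# check_not_after "<notAfter date>" <now in epoch seconds>
# Prints a status word plus whole days left; exit code 0 = fine, non-zero = act.
check_not_after() {
    local end secs days
    # An empty date (e.g. openssl could not read the file) must not parse as "today".
    [ -n "$1" ] || { echo "UNPARSEABLE"; return 3; }
    end=$(date -u -d "$1" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 3; }
    secs=$(( end - $2 ))
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then echo "EXPIRED"; return 2; fi
    if [ "$days" -lt "$ALERT_DAYS" ]; then echo "RENEWAL_OVERDUE $days"; return 1; fi
    if [ "$days" -lt "$RENEW_DAYS" ]; then echo "RENEWAL_DUE $days"; return 0; fi
    echo "OK $days"
}

if [ -n "${1:-}" ]; then
    # Real use: ./check-cert.sh /etc/letsencrypt/live/domain.com/cert.pem
    check_not_after "$(cert_not_after "$1")" "$(date +%s)"
else
    # Constructed sample dates, evaluated against a fixed "now" of 1 May 2025.
    now=$(date -u -d "May  1 12:00:00 2025 GMT" +%s)
    for d in "Jul 20 12:00:00 2025 GMT" "May 26 12:00:00 2025 GMT" \
             "May 11 12:00:00 2025 GMT" "Apr 30 12:00:00 2025 GMT"; do
        echo "$d -> $(check_not_after "$d" "$now")"
    done
fi
```

Run from a separate daily cron entry without redirecting its output, a non-zero exit and the printed status make a stalled renewal visible through cron's mail.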