СHRISTMAS
WHEEL OF FORTUNE

Tap the button and win a guaranteed prize right now!

By registering, you are signing up to receiving e-mails.
JH
Joe Harris
November 25 2020
Updated June 7 2023

How to Setup Let’s Encrypt SSL with Apache on CentOS 8

CentOS Linux SSL Web server

The Certbot package allows you to obtain Let’s Encrypt SSL certificate, install it on the Apache web server, and automatically renew it. First, you will need a domain name and a CentOS server with a public IP address. In addition, your domain's DNS A record must contain the IP address of your server.
Before you begin, configure Apache virtual host.

Packages installation

We recently watched the process of installing Certbot using snapd. You can use this method and skip this step in the tutorial, except for the installation of mod_ssl. Here we will use an alternative way to install Certbot.

Install an additional package repository.

dnf install epel-release

Now install Certbot, the Apache plugin for it, and mod_ssl.

dnf install certbot python3-certbot-apache mod_ssl

Restart Apache.

systemctl restart httpd

Obtaining an SSL certificate

To obtain and automatically setup Let’s Encrypt SSL certificate on Apache, run:

certbot --apache

Follow the instructions, they have sufficient explanations. At the stage of choosing a domain name, you can specify 2 options at once: with and without www, separated by commas.
When the process is complete, Apache will be automatically configured to use the newly received certificates. You can verify this by entering your domain name in the browser's address bar. Additionally, you can test the SSL settings and certificate on the https://www.ssllabs.com/analyze.html page.

Automatic renewal of the SSL certificate

To enable automatic start of the renewal process, run:

echo "0 0,12 * * * root python -c 'import random;
import time; time.sleep(random.random() * 3600)' &&
/usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab

This will add a cron task running twice a day at random times for an hour to reduce the workload on Let's Encrypt servers. To make sure that the task is present, run:

cat /etc/crontab

To run the certificate update script test, run:

certbot renew --dry-run

Vote:
5 out of 5
Аverage rating : 5
Rated by: 2
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.