How to Setup Let’s Encrypt SSL with Apache on CentOS 8
The Certbot package allows you to obtain Let’s Encrypt SSL certificate, install it on the Apache web server, and automatically renew it. First, you will need a domain name and a CentOS server with a public IP address. In addition, your domain's DNS A record must contain the IP address of your server.
Before you begin, configure Apache virtual host.
Packages installation
We recently watched the process of installing Certbot using snapd. You can use this method and skip this step in the tutorial, except for the installation of mod_ssl. Here we will use an alternative way to install Certbot.
Install an additional package repository.
dnf install epel-release
Now install Certbot, the Apache plugin for it, and mod_ssl.
dnf install certbot python3-certbot-apache mod_ssl
Restart Apache.
systemctl restart httpd
Obtaining an SSL certificate
To obtain and automatically setup Let’s Encrypt SSL certificate on Apache, run:
certbot --apache
Follow the instructions, they have sufficient explanations. At the stage of choosing a domain name, you can specify 2 options at once: with and without www, separated by commas.
When the process is complete, Apache will be automatically configured to use the newly received certificates. You can verify this by entering your domain name in the browser's address bar. Additionally, you can test the SSL settings and certificate on the https://www.ssllabs.com/analyze.html page.
Automatic renewal of the SSL certificate
To enable automatic start of the renewal process, run:
echo "0 0,12 * * * root python -c 'import random;
import time; time.sleep(random.random() * 3600)' &&
/usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab
This will add a cron task running twice a day at random times for an hour to reduce the workload on Let's Encrypt servers. To make sure that the task is present, run:
cat /etc/crontab
To run the certificate update script test, run:
certbot renew --dry-run