In this tutorial, we are learning, with step-by-step instructions on how to install Let’s Encrypt SSL certificate with Apache on CentOS. Let’s Encrypt is an open SSL Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.
Step 1: Install CertBot
$ yum -y install epel-release
$ yum install httpd mod_ssl python-certbot-apache
Step 2: Set Up the SSL Certificate
Install Let’s Encrypt SSL certificate on your domain (change ‘yourdomain.com’ with your actual domain):
If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases
Step 3: Renew the SSL certificate
Install Let’s Encrypt SSL certificate on your domain (change ‘yourdomain.com’ with your actual domain):
$ sudo certbot --apache -d example.com --preferred-challenges http
If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases
$ sudo certbot --apache -d example.com -d www.example.com --preferred-challenges http
Step 3: Renew the SSL certificate
Insert below command for renewing SSL certificate.
$ sudo certbot renew
Step 4: Auto-Renew the SSL certificate with a cronjob
Create a cronjob so the SSL certificate is renewed automatically. Run:
Create a cronjob so the SSL certificate is renewed automatically. Run:
$ crontab -e
and add the following line.
0 0 1 * * /usr/bin/certbot renew >> /var/log/letsencrypt-renew.log
Save and close that file and restart cron service for the changes to take effect.
$ /sbin/service crond restart
Open https://yourdomain.com in a web browser, and check whether Let’s Encrypt SSL is installed properly.
