In this tutorial, we will explain how to install a Let’s Encrypt SSL certificate on a CentOS 7 server running the Apache web server.
Requirements:
- CentOS 7 Server
- Apache webserver with a working virtual host
Installation of the required packages
yum install epel-release -y
yum install mod_ssl -y
Install the Let’s Encrypt client
yum install python-certbot-apache -y
Installation of the SSL Certificate
In our example we will use the domain name colo-serv.net for the SSL installation
certbot --apache -d colo-serv.net
During the installation of the SSL certificate, you will be able to choose whether to force HTTPS
for the domain or to leave HTTP as the default while still being able to use HTTPS.
At the end of the process, you will receive output like this:
IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through e-mails sent to admin@colo-serv.net.
 - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/colo-serv.net/fullchain.pem. Your cert will expire on 2017-08-18. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.
 - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.
 - If you like Let's Encrypt, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
Renewal of your SSL
A Let’s Encrypt certificate is valid for 90 days only and should be renewed before the ending date.
To renew your SSL manually:
certbot renew
If the SSL is not due for renewal, you will receive this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/colo-serv.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/colo-serv.net/fullchain.pem (skipped)
No renewals were attempted.
You can use a crontab to renew your SSL:
crontab -e
And add this cron job:
0 0 1 * * /usr/bin/certbot renew >> /var/log/letsencrypt.log
This cron job will run certbot renew at 12:00 AM on the first of every month,
and the output of the script will be appended to /var/log/letsencrypt.log
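As the "Cert not yet due for renewal" output shows, certbot renew skips certificates that are not yet due. The script below is an added example, not part of the original tutorial: it walks the "0 0 1 * *" schedule against the 2017-08-18 expiry from the sample output to show which runs can actually renew. It assumes certbot's default renewal window of 30 days before expiry and a date command that accepts -d (as on CentOS); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Assumption: certbot's default renewal window of 30 days before expiry.
RENEW_WINDOW_DAYS=30

# Whole days from run date $1 to expiry date $2 (both YYYY-MM-DD, UTC).
days_left() {
    run_s=$(date -u -d "$1 00:00:00" +%s)
    exp_s=$(date -u -d "$2 00:00:00" +%s)
    echo $(( (exp_s - run_s) / 86400 ))
}

# Outcome of a cron run on date $1 for a certificate expiring on $2:
#   skip    = not yet due, certbot leaves the certificate alone
#   renew   = inside the renewal window, certbot attempts renewal
#   expired = the certificate had already lapsed before this run
cron_run_action() {
    left=$(days_left "$1" "$2")
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo renew
    else
        echo skip
    fi
}

# Count cron runs that can renew before expiry. $1 = expiry, rest = run dates.
renew_attempts() {
    expiry=$1; shift
    count=0
    for run_date in "$@"; do
        if [ "$(cron_run_action "$run_date" "$expiry")" = renew ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Expiry taken from the sample output above; run dates follow "0 0 1 * *".
EXPIRY=2017-08-18
for d in 2017-06-01 2017-07-01 2017-08-01 2017-09-01; do
    printf '%s  %4s days left  %s\n' "$d" "$(days_left "$d" "$EXPIRY")" \
        "$(cron_run_action "$d" "$EXPIRY")"
done
echo "renewal attempts before expiry: $(renew_attempts "$EXPIRY" 2017-06-01 2017-07-01 2017-08-01)"
```

With this expiry, only the 1 August run falls inside the window, so a single failed run leaves no second attempt before the certificate lapses.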