How to Install a Let's Encrypt SSL/TLS Certificate on CentOS 7 with Apache Web S...
source link: https://www.vultr.com/docs/how-to-install-a-lets-encrypt-ssl-tls-certificate-on-centos-7-with-apache-web-server
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Introduction
Let's Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group. In this tutorial, you use Certbot, a free, open-source tool used to streamline the installation process of Let's Encrypt SSL certificates for already configured web servers. SSL certificates are used to secure web traffic and allow HTTPS on websites.
Prerequisites
Before setting up Certbot, you should:
- Deploy a CentOS 7 cloud server at Vultr.
- Install and configure Apache.
- Create a non-root user with sudo privileges.
- Log in to your server as the non-root user.
- A valid email address
Install Snap
The current recommended method of installing Certbot is through the snap package manager. To install the snap package manager through Yum, you must install the Extra Packages for Enterprise Linux (EPEL) repository, as snap is not present within the default CentOS repositories.
$ sudo yum install epel-releaseWith the EPEL repository added to your CentOS repositories, install the
snapdpackage:$ sudo yum install snapdAfter you've installed the
snapdpackage, it is necessary to enable it through the system service manager:$ sudo systemctl enable --now snapd.socketCreate a system link to enable support for classic snaps:
$ ln -s /var/lib/snapd/snap /snapEither log out and back in or restart to update snap's paths.
Update snapd to the latest version.
$ snap install core; snap refresh core
Install Certbot
With the EPEL repository added, install Certbot through snap:
$ sudo snap install --classic certbot
Get SSL Certificate
Certbot automatically takes care of SSL certificate management and installation.
Specify a domain, and the current web server in use. In this example, the domain example.com is receiving a certificate:
$ sudo certbot --apache -d example.com
If you require SSL for multiple domains, specify them using the following command, ensuring the first domain specified is the base domain:
$ sudo certbot --apache -d example.com -d www.example.com
After you run the command specified earlier, you will see step-by-step instructions with choices about the contact email address, forcing HTTPS, and various certificate settings.
When the certificate installation concludes, a similar message should appear on your screen:
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
emails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2019-04-21. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at / etc / letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also have certificates and private keys obtained by Let's
Encrypt so regular backups of this folder is ideal.
Enabling Automatic Certificate Renewal
Let's Encrypt certificates are valid for 90 days and have to be manually renewed afterward. It's suggested to renew the certificates after 60 days though, to prevent potential issues. You can renew certificates by using the following command:
$ sudo certbot renew
To enable automatic certification renewal, create a new cronjob:
$ sudo crontab -e
And then schedule the task to run every Monday at midnight:
$ 0 0 * * 1 / usr / bin / certbot renew >> /var/log/sslrenew.log
Note: The script logs to the /var/log/sslrenew.log file.
Conclusion
You've just configured SSL and enabled HTTPS on your Apache web server. As a result, all traffic going through your server is now encrypted.
Want to contribute?
You could earn up to $600 by adding new articles
Recommend
-
14
Install Mastodon on Ubuntu 20.04/18.04 With Let's Encrypt SSL CertificateMastodon is a free and open source self-hosted social network server licensed under AGPLv3. Mastodon is similar in features to Twitter and allows you to...
-
15
Install Wekan Kanban on CentOS 7Search ComputingForGeeksWekan is an Open Source kanban board application wit...
-
21
This guide will take you through steps to Install Dokuwiki behind nginx and letsencrypt on CentOS 7 Linux. But before we can do any installation, I’ll assume you have a newly provisioned CentOS 7 Linux server that you need to do some prereqs...
-
15
Install Odoo 14 on CentOS 8 With Let's Encrypt SSLSearch ComputingForGeeksThis post has been written to guid...
-
89
Welcome to our guide on How to Install Ansible AWX on CentOS 7 / Fedora with Nginx Reverse Proxy and Let’s Encrypt SSL Certificate. This installation will have http to https redirection configured on Nginx.What is AWX?AWX is t...
-
11
Install Nextcloud 22 on CentOS 7 With Let's Encrypt SSLHow do I install Nextcloud 22 on CentOS 7 Linux?. This guide will walk you through the installation of Nextcloud 22 on CentOS 7 with PHP 7.3, Apache and MariaDB 10.4. You can optionally c...
-
11
Install Sentrifugo HRM on Ubuntu 18.04 with Let's Encrypt SSL CertificateIn this guide, I’ll cover the installation of Sentrifugo HRM on Ubuntu 18.04 LTS and securing the installation with Let’s Encrypt. Sentrifugo is a powerful open source H...
-
5
Using a Different System? Let...
-
6
Using a Different System? Let...
-
4
Let's Encrypt 如何在CentOS 7 Apache配置Let's Encrypt SSL证书 Web进行安全通信依赖于HTTPS,这需要使用数字证书,以便浏览器验证Web服...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK