
Letsencrypt With Apache and CentOS7

Feb 12th, 2018. I’ve updated this document to reflect recent changes to the command used to generate certificates with Let’s Encrypt.

This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 Apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

This is the minimum you’d do to get Letsencrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and have not previously configured a vhost (virtual host) for the domain we’re using Letsencrypt for.

We need the EPEL repo and git:

yum install epel-release git

Now get Letsencrypt via git:

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt

Get the certificate. Replace “agix.com.au” with your own domain:

./certbot-auto --authenticator webroot --webroot-path /var/www/html/www.agix.com.au/public/ --installer apache -d www.agix.com.au

You can add another domain to the above line. For example you can have “-d one.agix.com.au -d two.agix.com.au -d agix.com.au”.

The script above will assume you’re using the “ssl.conf” file unless you already have a virtual host file for the Letsencrypt certificate.

And you’re done. Go to your website with “https://” and see if it works.

To automatically renew the certificates on a regular basis, add the following to root’s crontab. A user crontab has no user field, so the command follows the schedule directly:

0 0 * * * /opt/letsencrypt/certbot-auto renew

Manually run the command “/opt/letsencrypt/certbot-auto renew” to make sure it works.
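A cron job that fails silently only shows up when the certificate expires, so it is worth checking the remaining validity independently of the renew job. The script below is an added example, not part of the original article: the function names and the 30-day threshold are assumptions, GNU date is assumed, and the path in the usage comment assumes certbot's default live directory.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# 30-day threshold are assumptions; GNU date is assumed for `date -d`.

# Turn the "notAfter=..." line printed by `openssl x509 -noout -enddate`
# into whole days remaining, measured from the epoch time given in $2.
days_left() {
    enddate=${1#notAfter=}
    end=$(date -u -d "$enddate" +%s) || return 2
    echo $(( (end - $2) / 86400 ))
}

# Exit status: 0 = enough validity left, 1 = below threshold (renewal is
# probably failing), 2 = the date could not be parsed.
check_enddate() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -ge "${3:-30}" ]
}

# Same check against a PEM file on disk, using the current time.
check_cert_file() {
    line=$(openssl x509 -in "$1" -noout -enddate) || return 2
    check_enddate "$line" "$(date +%s)" "${2:-30}"
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/www.agix.com.au/cert.pem
if [ "$#" -gt 0 ]; then
    check_cert_file "$@"
    status=$?
    [ "$status" -eq 0 ] || echo "certificate check failed (status $status): $1" >&2
    exit "$status"
fi
```

Run it from a separate cron entry or a monitoring check; a non-zero exit status means the certificate is below the threshold or could not be read.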
