Introduction
Let's Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group. In this tutorial, you use Certbot, a free, open-source tool used to streamline the installation process of Let's Encrypt SSL certificates for already configured web servers. SSL certificates are used to secure web traffic and allow HTTPS on websites.
Prerequisites
Before setting up Certbot, you should:
- Deploy a CentOS 7 cloud server at Rcs.
- Install and configure Apache.
- Create a non-root user with sudo privileges.
- Log in to your server as the non-root user.
- A valid email address
Install Snap
The current recommended method of installing Certbot is through the snap package manager. To install the snap package manager through Yum, you must install the Extra Packages for Enterprise Linux (EPEL) repository, as snap is not present within the default CentOS repositories.
$ sudo yum install epel-release
With the EPEL repository added to your CentOS repositories, install the
snapd
package:$ sudo yum install snapd
After you've installed the
snapd
package, it is necessary to enable it through the system service manager:$ sudo systemctl enable --now snapd.socket
Create a system link to enable support for classic snaps:
$ ln -s /var/lib/snapd/snap /snap
Either log out and back in or restart to update snap's paths.
Update snapd to the latest version.
$ snap install core; snap refresh core
Install Certbot
With the EPEL repository added, install Certbot through snap:
$ sudo snap install --classic certbot
Get SSL Certificate
Certbot automatically takes care of SSL certificate management and installation.
Specify a domain, and the current web server in use. In this example, the domain example.com
is receiving a certificate:
$ sudo certbot --apache -d example.com
If you require SSL for multiple domains, specify them using the following command, ensuring the first domain specified is the base domain:
$ sudo certbot --apache -d example.com -d www.example.com
After you run the command specified earlier, you will see step-by-step instructions with choices about the contact email address, forcing HTTPS, and various certificate settings.
When the certificate installation concludes, a similar message should appear on your screen:
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
emails sent to user@example.com.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2019-04-21. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at / etc / letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also have certificates and private keys obtained by Let's
Encrypt so regular backups of this folder is ideal.
Enabling Automatic Certificate Renewal
Let's Encrypt certificates are valid for 90 days and have to be manually renewed afterward. It's suggested to renew the certificates after 60 days though, to prevent potential issues. You can renew certificates by using the following command:
$ sudo certbot renew
To enable automatic certification renewal, create a new cronjob:
$ sudo crontab -e
And then schedule the task to run every Monday at midnight:
$ 0 0 * * 1 / usr / bin / certbot renew >> /var/log/sslrenew.log
Note: The script logs to the /var/log/sslrenew.log file.
Conclusion
You've just configured SSL and enabled HTTPS on your Apache web server. As a result, all traffic going through your server is now encrypted.