How to Secure Apache with Let’s Encrypt on CentOS 8


In this article, we explain the necessary steps to secure Apache with Let’s Encrypt on CentOS 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Let’s Encrypt is a certificate authority that provides free SSL certificates for websites. It has been operating since April 2016 and is supported by companies and internet organizations around the world such as Mozilla, Cisco, Chrome, Akamai, etc.

Prerequisite:

  • Operating System with CentOS 8
  • Server IPv4 Address with Superuser Privileges (Root Access)
  • Gnome Terminal for Linux Desktop
  • PuTTY SSH client for Windows or macOS
  • PowerShell for Windows 10/11
  • Familiar with APT Commands

Secure Apache with Let’s Encrypt on CentOS 8

Step 1. Enable the EPEL repository, update the installed packages to their latest versions, and install mod_ssl and OpenSSL.

sudo yum install epel-release
sudo yum update
sudo yum install mod_ssl openssl

Before installing the Let’s Encrypt SSL certificate, the domain should already be reachable and served by an Apache virtual host. Read the tutorial on how to Install Apache on CentOS 8.

Step 2. Install Certbot.

Certbot is a free command-line tool that simplifies the process of obtaining and renewing Let’s Encrypt SSL certificates and automatically enabling HTTPS on your server:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Then, run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step:

sudo /usr/local/bin/certbot-auto --apache

Step 3. Set up automatic renewal for Let’s Encrypt.

The SSL certificate is only valid for 90 days. To keep it up to date, add a cron entry that runs certbot-auto renew twice a day, after a random delay of up to one hour:

echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
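
The renewal job runs unattended, so a renewal that stops working only shows up as a certificate drifting toward its 90-day expiry. The script below is an added example, not part of the original tutorial: it checks every certificate in a certbot-style directory with openssl x509 -checkend. The function names and the throwaway self-signed certificates are constructed for illustration, and 30 days is used as the threshold because certbot renew normally replaces a certificate once it has less than 30 days left.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that renewal should already have replaced.

# make_sample_cert CERT.pem DAYS: constructed self-signed test certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.com" \
        -keyout "$(dirname "$1")/privkey.pem" -out "$1" 2>/dev/null
}

# cert_expiring CERT.pem DAYS
#   returns 0 if the certificate expires within DAYS days (or already has),
#   1 if it stays valid beyond that window, 2 if it is not a readable cert.
cert_expiring() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_live_dir DIR DAYS: DIR uses certbot's layout, DIR/<name>/cert.pem.
#   prints one line per certificate needing attention; returns 1 if any did.
check_live_dir() {
    local pem name st rc=0
    for pem in "$1"/*/cert.pem; do
        [ -e "$pem" ] || continue
        name=$(basename "$(dirname "$pem")")
        st=0; cert_expiring "$pem" "$2" || st=$?
        case $st in
            0) echo "EXPIRING $name"; rc=1 ;;
            2) echo "UNREADABLE $name"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on constructed data: a fresh 90-day cert and one with 10 days left.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/fresh.example" "$demo_dir/stale.example"
make_sample_cert "$demo_dir/fresh.example/cert.pem" 90
make_sample_cert "$demo_dir/stale.example/cert.pem" 10
check_live_dir "$demo_dir" 30 || echo "renewal needs attention"
```

On the server itself, the directory to pass is /etc/letsencrypt/live, which is readable by root only, so run the check as root from a monitoring job.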

Step 4. Checking your Certificate Status.

You can ensure that Certbot created your SSL certificate correctly by using the SSL Server Test from the cloud security company Qualys. Open the following link in your preferred web browser, replacing example.com with your base domain:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

Congratulations, you have learned how to secure Apache with Let’s Encrypt on CentOS 8. If you have any questions, please leave a comment below.