How to Secure Apache with Let’s Encrypt on CentOS 8

Secure Apache with Let's Encrypt on CentOS 8

In this article, we will have explained the necessary steps to secure Apache with let’s encrypt on CentOS 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Let’s Encrypt is a certificate authority that provides free SSL certificates for the website, operating since April 2016, and supported by companies and internet organizations of the world such as Mozilla, Cisco, Chrome, Akamai, etc.


  • Operating System with CentOS 8
  • Server IPv4 Address with Superuser Privileges (Root Access)
  • Gnome Terminal for Linux Desktop
  • PuTTy SSH client for Windows or macOS
  • Powershell for Windows 10/11
  • Familiar with APT Commands

Secure Apache with Let’s Encrypt on CentOS 8

Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.

sudo yum install epel-release
sudo yum update
sudo yum install mod_ssl openssl

Before installing the Let’s Encrypt SSL domain should be well accessed and use the Apache virtual host. Read the tutorial on how to Install Apache on CentOS 8.

Step 2. Install Certbot.

Certbot is a free command-line tool that simplifies the process for obtaining and renewing Let’s Encrypt SSL certificates from and auto-enabling HTTPS on your server:

sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Then, run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step:

sudo /usr/local/bin/certbot-auto --apache

Step 3. Set up automatic renewal let’s encrypt.

The SSL certificate is only valid for 90 days, for the certificate update run renew:

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

Step 4. Checking your Certificate Status.

You can ensure that Certbot created your SSL certificate correctly by using the SSL Server Test from the cloud security company Qualys. Open the following link in your preferred web browser, replacing with your base domain:

Congratulation, you have learned how to secure Apache with let’s encrypt on CentOS 8. If you have any questions, please leave a comment below.