Starting in October 2017, the Chrome web browser began showing the Not secure label on any website address (URL) that does not have an SSL certificate or HTTPS (Hypertext Transfer Protocol Secure) installed. This is to make sure data transferred back and forth to your web server is protected with encryption.
Google also warned that it would lower the ranking of websites that don’t have it installed.
Among Certificate Authorities (CA), Let’s Encrypt stands out for its free and easy-to-use certificates, so that everyone can deploy HTTPS.
Let’s get started!
Before installing the certificate, let’s make sure our system is up to date. Since we’re using CentOS 7 for this scenario, let’s run the following command:
yum -y update
Next, we need the mod_ssl Apache module to configure Let’s Encrypt.
yum -y install mod_ssl
Then create a folder vannkorn.com to configure Apache (vannkorn.com is the domain to be tested in this scenario. Use your own one).
mkdir /var/www/vannkorn.com
After that, create a virtual host config file. Apache on CentOS only loads files in conf.d whose names end in .conf:
nano /etc/httpd/conf.d/vannkorn.com.conf
And enter the following code into that file. Also, make sure to replace vannkorn.com with your own domain:
<VirtualHost *:80>
    ServerAdmin ask@vannkorn
    DocumentRoot "/var/www/vannkorn.com"
    ServerName vannkorn.com
    # The alias carries the www name so Certbot offers both names later
    ServerAlias www.vannkorn.com
    ErrorLog "/var/log/httpd/vannkorn.error_log"
    CustomLog "/var/log/httpd/vannkorn.access_log" common
</VirtualHost>
Next, make sure this newly created folder is owned by the current Apache user. In my case, the user is vannkorn.
chown -R vannkorn:vannkorn /var/www/vannkorn.com
Install Certbot
Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt and deploys it to a web server. Certbot requires the EPEL repository to be installed and activated. To do so, run the following command:
yum -y install epel-release
Next, install yum-utils
yum -y install yum-utils
After that, we can install Certbot for Apache
yum -y install certbot-apache
When we have Certbot installed, it’s time to run the certbot command to install an SSL certificate from Let’s Encrypt.
certbot
A prompt will then ask which names you want to activate HTTPS for:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
------------------------------------------------------------
1: vannkorn.com
2: www.vannkorn.com
------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Following the instructions, just press Enter so that HTTPS is activated for both vannkorn.com and www.vannkorn.com; then another prompt will pop up:
Choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-----------------------------------------------------------
1: No redirect – Make no further changes to the web server configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
-----------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Type 2 to redirect all www and non-www to HTTPS.
You should see the output below if the process is done correctly:
-----------------------------------------------------------
Congratulations! You have successfully enabled
https://vannkorn.com and https://vannkorn.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=vannkorn.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.vannkorn.com
-----------------------------------------------------------
Set Auto Renewal
A Let’s Encrypt certificate is valid for only 90 days (3 months), to minimize the impact of mis-issued certificates.
Fortunately, Let’s Encrypt provides a renew option, and we can run it automatically with cron.
To set the automatic renewal, first make sure you have nano installed and set it as the default editor so that you can edit the crontab file:
yum -y install nano
export EDITOR=/bin/nano
crontab -e
Since Let’s Encrypt suggests the automatic renew cron job runs twice a day, put the following entry in (five schedule fields, then the command) and then hit Save and Exit:
0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
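A crontab entry takes five schedule fields (minute, hour, day of month, month, day of week) before the command, so whether a renewal job really runs twice a day depends on both the minute and the hour field. The script below is an added example, not part of the original post: its function names and sample lines are constructed for illustration, and it only understands the field forms "*", "*/N", "N" and "N,M,...".

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the schedule of a
# crontab line. Supported field forms: "*", "*/N", "N" and "N,M,...".

# is_field FIELD: succeed if FIELD is one of the supported schedule forms.
is_field() {
    case $1 in
        '*') return 0 ;;
        '*/'*) case ${1#??} in ''|0|*[!0-9]*) return 1 ;; esac ;;
        ''|*[!0-9,]*) return 1 ;;
    esac
    return 0
}

# count_matches FIELD MAX: print how many values in 0..MAX the field selects.
count_matches() {
    field=$1 max=$2 count=0 v=0
    while [ "$v" -le "$max" ]; do
        case $field in
            '*') count=$((count + 1)) ;;
            '*/'*) if [ $((v % ${field#??})) -eq 0 ]; then count=$((count + 1)); fi ;;
            *) case ",$field," in *",$v,"*) count=$((count + 1)) ;; esac ;;
        esac
        v=$((v + 1))
    done
    echo "$count"
}

# runs_per_day LINE: print how often LINE fires on a day it is active, or
# "invalid" when it lacks five schedule fields followed by a command.
runs_per_day() {
    read -r min hour dom mon dow cmd <<EOF
$1
EOF
    for f in "$min" "$hour" "$dom" "$mon" "$dow"; do
        is_field "$f" || { echo invalid; return 0; }
    done
    [ -n "$cmd" ] || { echo invalid; return 0; }
    echo $(( $(count_matches "$min" 59) * $(count_matches "$hour" 23) ))
}

# Constructed sample lines: four fields, every minute of two hours, twice a day.
runs_per_day '*/12 * * * /usr/bin/certbot renew >/dev/null 2>&1'    # invalid
runs_per_day '* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1'  # 120
runs_per_day '0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1'  # 2
```

A line that comes back as "invalid" is rejected or misread by cron, which means the certificate silently expires after 90 days; a count of 120 means certbot is launched every minute during two hours of the day.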
That’s it! Let me know in the comments below if you’re having trouble with the steps above or if you have anything to share.