Apache
--------
Install Let’s Encrypt SSL on CentOS 8 / RHEL 8 with Apache
we are going to setup Let’s Encrypt SSL (free SSL) on CentOS 8 / RHEL 8 server running Apache webserver.
Table of Contents
Step 1 : Install Certbot – Let’s Encrypt Client
At first, we need to install mod_ssl:
sudo dnf install -y mod_ssl
Copy
If you’re using firewall, then open HTTPS port. I’m showing for firewalld:
# open port firewall-cmd --permanent --add-port=443/tcp # reload firewall-cmd --reload
Copy
Now let’s download Certbot from its official website:
# downloadcurl -O https://dl.eff.org/certbot-auto # movemv certbot-auto /usr/local/bin/certbot # set permissionchmod 0755 /usr/local/bin/certbot
Copy
Step 2 : Generate SSL Certificate
We have the necessary modules to generate Let’s Encrypt SSL. To generate certificate for a single domain, run this command:
certbot --apache -d example.com
Copy
To generate SSL for multiple domains or subdomains, run this command:
certbot --apache -d example.com -d www.example.com
Copy
Here, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
certbot --apache
Copy
Choose one option and run that command what you needed. After successful installation, you will see a message similar to this message:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2019-10-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Step 3 : Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
certbot renew
Copy
We can also setup a cronjob to renew automatically. Open the cronjob:
crontab -e
Copy
Then add this line:
0 0 * * 1 /usr/local/bin/certbot renew >> /var/log/sslrenew.log
Copy
Step 4 : Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
Step 5 : Delete Certbot Certificate
To delete the certificate we have to run this command:
# to select domain name certbot delete # directly assign domain name certbot delete --cert-name example.com
-----