In this tutorial, we will show you how to install a Free SSL Certificate for Apache on CentOS 8. For those of you who didn’t know, Let’s Encrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of SSL for Apache on a CentOS server.
Prerequisites
- A server running one of the following operating systems: CentOS 8.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Free SSL Certificate for Apache on CentOS 8
Step 1. First, let’s start by ensuring your system is up-to-date.
dnf update
Step 2. Installing Apache webserver.
Obviously, we will need an Apache server to be installed on our machine. If you do not have LAMP installed, We can install it with the following guide here.
Step 3. Installing Certbot for Apache on CentOS 8.
Run these commands on the command line on the machine to install Certbot:
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Then, run this command to get a certificate and have Certbot edit your Apache configuration automatically:
sudo /usr/local/bin/certbot-auto --apache
Step 3. Certbot Auto-Renew Cron Job.
Let’s Encrypt SSL certificates will get expired after 90 days of installation and you must renew them before it gets expired. If you have installed certificates using certbot then it must have already created a cronjob to auto-renew certificates:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
Step 4. Verify that Certbot worked.
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain.com
Congratulations! You have successfully installed free SSL Certificates. Thanks for using this tutorial to install Let’s Encrypt SSL Certificates on the CentOS Linux system. For additional help or useful information, we recommend you check the official Let’s Encrypt website.
