Introduction
Let’s Encrypt is a free, automated, and open certificate authority managed by the Internet Security Research Group. Let’s Encrypt provide two types of certificates The standard single domain SSL and wildcard SSL, These certificates are domain-validated.
This article will explain how to secure Apache with let's encrypt on CentOS 7.
Prerequisites
- A root or non-root user with
sudoprivileges. - A domain name that directs people to the public server's IP address.
Install Certbot
Certbot can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.
-
Update the system.
# sudo yum -y update -
Enable access to the EPEL repository.
# sudo yum install epel-release -
Install
certbot-nginxLet’s Encrypt the client and other required packages.
While the installation process you need to import and accept the GPG key by typing# sudo yum install certbot python2-certbot-apache mod_ssly.
Setting up Apache
-
If Apache is not installed yet on your system let's install it first.
# sudo yum install httpd -
Start Apache service using
systemctl# sudo systemctl start httpd -
Create a document root folder for apache.
# mkdir /var/www/test -
Create a virtual host config file using the below command.
# vi /etc/httpd/conf.d/test-site.conf - Add the below code to the file.
Replace the ServerName and ServerAlias name with your domain name then save and close the file.<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/test"
ServerName example.com
ServerAlias www.example.com
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost> -
Add an index.html file for testing purposes.
# vi /var/www/test/index.html - Add the following content to the index.html file then save and close the file.
All Good! -
Change the owner of the “/var/www/test” directory.
# chown -R apache:apache /var/www/test
Requesting a TLS/SSL Certificate Using Certbot
- Request a certificate and automatically configure it on Apache.
Replace your domain name with an# sudo certbot --apache -d example.comexample.comin the above command. if you running Certbot for the first time you will be prompted to enter an email and pressYto agree to the terms of service. - Confirm whether your new certificate is accessible or not over HTTPS. To do this Try reloading your website using
https://example.comand notice your browser’s security indicator.