Introduction
Let’s Encrypt is a free, automated, and open certificate authority managed by the Internet Security Research Group. It provides two types of certificates: the standard single-domain SSL certificate and the wildcard SSL certificate. Both are domain-validated.
This article explains how to secure Apache with Let’s Encrypt on CentOS 7.
Prerequisites
- A root or non-root user with sudo privileges.
- A domain name that points to the public server's IP address.
Install Certbot
Certbot can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.
- Update the system.
# sudo yum -y update
- Enable access to the EPEL repository.
# sudo yum install epel-release
- Install the Certbot Let’s Encrypt client and the other required packages.
# sudo yum install certbot python2-certbot-apache mod_ssl
During the installation you need to import and accept the GPG key by typing y.
Setting up Apache
- If Apache is not yet installed on your system, install it first.
# sudo yum install httpd
- Start the Apache service using systemctl.
# sudo systemctl start httpd
- Create a document root folder for Apache.
# mkdir /var/www/test
- Create a virtual host config file using the command below.
# vi /etc/httpd/conf.d/test-site.conf
- Add the code below to the file. Replace the ServerName and ServerAlias values with your domain name, then save and close the file.
<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/test"
ServerName example.com
ServerAlias www.example.com
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>
- Add an index.html file for testing purposes.
# vi /var/www/test/index.html
- Add the following content to the index.html file, then save and close the file.
All Good!
- Change the owner of the "/var/www/test" directory.
# chown -R apache:apache /var/www/test
Requesting a TLS/SSL Certificate Using Certbot
- Request a certificate and automatically configure it on Apache.
# sudo certbot --apache -d example.com
Replace example.com with your domain name in the above command. If you are running Certbot for the first time, you will be prompted to enter an email and press Y to agree to the terms of service.
- Confirm that your new certificate is accessible over HTTPS. To do this, reload your website using https://example.com and check your browser’s security indicator.
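The virtual host created above answers for both example.com and www.example.com, while the Certbot command requests a certificate for example.com only, and a certificate covers only the names passed with -d. The script below is an added example, not part of the original article: it lists the names in a vhost file and reports those a planned request would miss. The function names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the hostnames an Apache vhost file answers for
# with the domains passed to `certbot --apache -d ...`.

# Print every ServerName / ServerAlias value in the file, one per line.
vhost_names() {
    awk '
        { sub(/#.*/, "") }    # ignore comments
        tolower($1) == "servername"  { print tolower($2) }
        tolower($1) == "serveralias" { for (i = 2; i <= NF; i++) print tolower($i) }
    ' "$1" | sort -u
}

# Print vhost names that are not among the requested domains.
# usage: uncovered_names CONF domain [domain...]
uncovered_names() {
    conf=$1; shift
    vhost_names "$conf" | while read -r name; do
        covered=no
        for d in "$@"; do
            if [ "$name" = "$d" ]; then covered=yes; fi
        done
        if [ "$covered" = no ]; then echo "$name"; fi
    done
}

# Build the -d arguments that cover every name in the vhost.
certbot_domain_args() {
    vhost_names "$1" | awk '{ printf "%s-d %s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}

# Constructed sample mirroring the tutorial's test-site.conf.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/test"
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
EOF
}

conf_file=$(mktemp)
sample_conf > "$conf_file"
echo "not covered by '-d example.com': $(uncovered_names "$conf_file" example.com)"
echo "suggested: certbot --apache $(certbot_domain_args "$conf_file")"
rm -f "$conf_file"
```

On a real server, point the functions at /etc/httpd/conf.d/test-site.conf instead of the sample file.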