letsencrypt

Download the Let’s Encrypt Client

sudo yum install epel-release
sudo yum install python-certbot-apache

Set Up the SSL Certificate

certbot --apache certonly

Reorganizing your Virtual Hosts

You can Set the following path in the /etc/httpd/conf.d/ssl.conf file:

SSLCertificateFile /etc/letsencrypt/live/caock.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/caock.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/caock.net/chain.pem

IF you are using VirtualHost, you can set it in your VirtualHost

<VirtualHost *:443>
        ServerName caock.net
        DocumentRoot /var/www/caock.net
        ErrorLog /var/log/apache/caock.net/error.log
        CustomLog /var/log/apache/caock.net/access.log combined
 
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/caock.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/caock.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/caock.net/chain.pem
 
</VirtualHost>

sudo systemctl restart httpd

Checking your Certificate Status

https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

Step 5 Set Up Auto Renewal

Let’s Encrypt certificates last for 90 days, so it’s highly advisable to renew them automatically! You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a root cronor systemd job which runs the following:

certbot renew --quiet

example command:

sudo crontab -e

@monthly certbot renew --quiet

Easiest Reference: certbot  For Centos 7 Apache

Reference to Install

Reference to configuration

Add a Comment

Your email address will not be published. Required fields are marked *

twenty + six =