How To Setup Let’s Encrypt SSL Certificate with Apache on CentOS 8

Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server. This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name.

SSL (Secure Sockets Layer) is the standard method for establishing an encrypted link between a web server and a browser.

Requirements

The LAMP stack, or just the Apache web server, should be installed on your system. To install the Apache web server, check out our How to install Apache on CentOS 8 guide.

Replace domain_name.com with your actual domain name in the steps below.


Creating vHost

To create a virtual host for your domain, create the following file, replacing www.domain_name with your actual domain name.

vi /etc/httpd/conf.d/www.domain_name.conf

Add this into the file.

<VirtualHost *:80>
  ServerName domain_name
  ServerAlias www.domain_name
  DocumentRoot /var/www/www.domain_name

  <Directory /var/www/www.domain_name>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/www.domain_name-error.log
  CustomLog /var/log/httpd/www.domain_name-access.log combined
</VirtualHost>

Create the document root to hold the HTML files.

mkdir -p /var/www/www.domain_name

Change the ownership of the document root to the apache user and group.

chown -R apache:apache /var/www/www.domain_name

Restart the Apache service.

systemctl restart httpd

To check DNS propagation, look up the domain and confirm that it resolves to your server's IP address.

nslookup www.domain_name

Example Output:

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.193.29.58.131.xip.io
Address: 193.29.58.131

To set up the firewall to allow HTTPS requests:

firewall-cmd --permanent --add-port=443/tcp

firewall-cmd --reload

Example Output:

[root@my ~]# firewall-cmd --permanent --add-port=443/tcp
success
[root@my ~]# firewall-cmd --reload
success
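
The DNS and firewall checks above can be scripted as a pre-flight step before requesting a certificate. This is an added example, not part of the original guide; the function names resolved_addrs, missing_ports and preflight are hypothetical. It assumes Certbot's Apache plugin validates the domain over HTTP on port 80 (the HTTP-01 challenge), so it checks port 80 as well as 443.

```sh
#!/bin/sh
# Pre-flight checks before running certbot.
# Added example: the helper names below are hypothetical, not from the guide.

# Print the addresses from the answer section of nslookup output read on stdin.
# The resolver's own "Address: 8.8.8.8#53" line comes first and is skipped.
resolved_addrs() {
    awk '/^Non-authoritative answer:|^Name:/ { answer = 1 }
         answer && /^Address/ { print $2 }'
}

# Print the required ports that firewalld does not allow.
# $1 = output of `firewall-cmd --list-ports`
# $2 = output of `firewall-cmd --list-services`
# Assumption: port 80 is needed for HTTP-01 validation, 443 for the site itself.
missing_ports() {
    for pair in 80/tcp:http 443/tcp:https; do
        port=${pair%%:*}; svc=${pair##*:}
        # Open either as an explicit port or through the matching service.
        case " $1 " in *" $port "*) continue ;; esac
        case " $2 " in *" $svc "*) continue ;; esac
        printf '%s\n' "$port"
    done
}

# preflight HOST SERVER_IP: return 0 only if DNS and the firewall are ready.
preflight() {
    rc=0
    if ! nslookup "$1" | resolved_addrs | grep -qxF "$2"; then
        echo "DNS: $1 does not resolve to $2" >&2; rc=1
    fi
    for p in $(missing_ports "$(firewall-cmd --list-ports)" \
                             "$(firewall-cmd --list-services)"); do
        echo "firewall: $p is closed" >&2; rc=1
    done
    return $rc
}
```

Run preflight www.domain_name followed by your server's IP address as root. If it reports 80/tcp as closed, open it with firewall-cmd --permanent --add-service=http followed by firewall-cmd --reload.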

To verify the Let’s Encrypt certificate on the website, visit:

https://www.domain_name

Adding EPEL Repository

dnf install epel-release

dnf upgrade

Installing Snapd

dnf install snapd

Enable snapd once it is installed.

systemctl enable --now snapd.socket

To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:

ln -s /var/lib/snapd/snap /snap

Installing Certbot

Run the following command to install Certbot.

snap install --classic certbot

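To make sure the certbot command can be run, create a symbolic link from /snap/bin/certbot to /usr/bin/certbot.

ln -s /snap/bin/certbot /usr/bin/certbot

To obtain a certificate only, without having Certbot change your Apache configuration, run:

certbot certonly --apache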

To test the SSL certificate, open:

https://www.ssllabs.com/ssltest/analyze.html?d=www.domain_name

Note: to actually renew the certificate, run certbot renew without the --dry-run option.

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it.

certbot --apache

Testing for automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You can test automatic renewal by running:

certbot renew --dry-run

To confirm that your site is set up properly, visit the following URL in your browser.

https://www.domain_name