How To Set Up a Let’s Encrypt SSL Certificate with Apache on CentOS 8

Requirements

Either a LAMP stack or just the Apache web server must be installed on your system. The domain name must be registered and pointed to your server's IP address with an A record, with a CNAME record aliasing www.domain_name.com. Replace domain_name.com with your actual domain name in the steps below.

To install the Apache web server on your system:

You can follow the instructions from our How to install Apache on CentOS 8 guide.

To install Apache and mod_ssl on CentOS 8:

yum install -y httpd mod_ssl

Example Output:

Downloading Packages:
(1/2): sscg-2.3.3-6.el8.x86_64.rpm               41 kB/s |  43 kB     00:01
(2/2): mod_ssl-2.4.37-12.module_el8.0.0+185+590 121 kB/s | 130 kB     00:01
--------------------------------------------------------------------------------
Total                                            81 kB/s | 173 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : sscg-2.3.3-6.el8.x86_64                                1/2
  Installing       : mod_ssl-1:2.4.37-12.module_el8.0.0+185+5908b0db.x86_   2/2
  Running scriptlet: mod_ssl-1:2.4.37-12.module_el8.0.0+185+5908b0db.x86_   2/2
  Verifying        : mod_ssl-1:2.4.37-12.module_el8.0.0+185+5908b0db.x86_   1/2
  Verifying        : sscg-2.3.3-6.el8.x86_64                                2/2

Installed:
  mod_ssl-1:2.4.37-12.module_el8.0.0+185+5908b0db.x86_64
  sscg-2.3.3-6.el8.x86_64

Complete!

To download Certbot:

curl -O https://dl.eff.org/certbot-auto

Move the file into place and set the appropriate permissions.

mv certbot-auto /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

To create a virtual host for your domain, replace www.domain_name with your actual domain name.

vi /etc/httpd/conf.d/www.domain_name.conf

Add this into the file.

<VirtualHost *:80>
  ServerName domain_name
  ServerAlias www.domain_name
  DocumentRoot /var/www/www.domain_name

  <Directory /var/www/www.domain_name>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/www.domain_name-error.log
  CustomLog /var/log/httpd/www.domain_name-access.log combined
</VirtualHost>

Create the document root to hold the HTML files.

mkdir -p /var/www/www.domain_name

Change the ownership of the document root to the apache user.

chown -R apache:apache /var/www/www.domain_name

Restart the Apache service.

systemctl restart httpd

To check DNS propagation:

nslookup www.domain_name

Example Output:

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.193.29.58.131.xip.io
Address: 193.29.58.131

To set up the firewall to allow HTTPS requests:

firewall-cmd --permanent --add-port=443/tcp

firewall-cmd --reload

Example Output:

# firewall-cmd --permanent --add-port=443/tcp
success
# firewall-cmd --reload
success

To verify the Let’s Encrypt certificate, open the website in a browser:

https://www.domain_name

To test the SSL certificate:

https://www.ssllabs.com/ssltest/analyze.html?d=www.domain_name

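To renew the Let’s Encrypt certificate:

A Let's Encrypt SSL certificate is valid for 90 days from the date of issuance and needs to be renewed before it expires. The command below appends an entry to /etc/crontab that runs the renewal twice a day (at 00:00 and 12:00) after a random delay of up to one hour. CentOS 8 does not provide an unversioned python command by default, so the entry calls python3; if the interpreter were missing, the && would prevent the renewal from ever running.

echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null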

Simulate the renewal process with the command below.

/usr/local/bin/certbot-auto renew --dry-run

Note: to actually renew the certificate, run the above command without the --dry-run option.
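
A cron-driven renewal can fail silently, so it helps to check the certificate's expiry date independently. The script below is an added example, not part of the original guide: it reads the notAfter line printed by openssl x509 -enddate and reports whether renewal appears to have stalled. The function names and the 20-day alert threshold are assumptions chosen for illustration; /etc/letsencrypt/live/ is Certbot's default certificate location, and GNU date is assumed.

```shell
#!/bin/sh
# Added example: detect a certificate that the cron renewal should already
# have replaced. Certbot renews when fewer than 30 days remain, so a
# certificate with fewer than ALERT_DAYS left means renewals keep failing.
ALERT_DAYS=20   # assumption: alert after roughly 10 days of failed renewals

# expiry_epoch "<notAfter=... line>" -> expiry as seconds since the epoch
expiry_epoch() {
    date -u -d "${1#notAfter=}" +%s    # GNU date parses openssl's format
}

# days_left "<notAfter line>" [now_epoch] -> whole days until expiry
days_left() {
    expiry=$(expiry_epoch "$1") || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (expiry - now) / 86400 ))
}

# renewal_status "<notAfter line>" [now_epoch] -> ok | renewal-stalled | expired
renewal_status() {
    expiry=$(expiry_epoch "$1") || { echo unparsable; return 2; }
    now=${2:-$(date -u +%s)}
    remaining=$(( expiry - now ))
    if [ "$remaining" -le 0 ]; then
        echo expired
    elif [ "$remaining" -lt $(( ALERT_DAYS * 86400 )) ]; then
        echo renewal-stalled
    else
        echo ok
    fi
}

# When a certificate file is given as the first argument, check it, e.g.
#   ./check-cert.sh /etc/letsencrypt/live/www.domain_name/cert.pem
# (check-cert.sh is a hypothetical file name for this script).
if [ -n "${1:-}" ]; then
    line=$(openssl x509 -noout -enddate -in "$1") || exit 2
    status=$(renewal_status "$line")
    echo "$1: $status, $(days_left "$line") days left ($line)"
    [ "$status" = ok ] || exit 1
fi
```

The script exits non-zero when the certificate is expired or renewal has stalled, so it can be run from a monitoring job that alerts on failure.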