How To Setup Let’s Encrypt SSL Certificate with Apache on CentOS 8
Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server. This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name.
SSL (secure socket layer) to establish an encrypted link between a web server and a browser. is the standard method for establishing an encrypted link between a web server and a browser.
Requirements
The LAMP stack or just Apache web server should be installed on your system. To install apache web server on your system, checkout our How to install Apache on CentOS 8 guide.
Replace
domain_name.comwith your actual domain name in the below steps
To install apache web server on your system.
You can follow the instructions from our How to install Apache on CentOS 8 guide.
Creating vHost
To create virtual Host for your domain, replace www.domain_name
with your actual domain name.
vi /etc/httpd/conf.d/www.domain_name.conf
Add this into the file.
<VirtualHost *:80>
ServerName domain_name
ServerAlias www.domain_name
DocumentRoot /var/www/www.domain_name
<Directory /var/www/www.domain_name>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/www.domain_name-error.log
CustomLog /var/log/httpd/www.domain_name-access.log combined
</VirtualHost>
Create root document to place HTML files.
mkdir -p /var/www/www.domain_name
Change the Permission.
chown -R apache:apache /var/www/www.domain_name
Restart the apache service.
systemctl restart httpd
To check DNS propagation.
nslookup www.Domain_name
Example Output:
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.193.29.58.131.xip.io
Address: 193.29.58.131
To setup the firewall to allow HTTPS requests.
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
Example Output:
[root@my ~]# firewall-cmd --permanent --add-port=443/tcp
success
[root@my ~]# firewall-cmd --reload
success
TO verify Let’s Encrypt certificate in website.
https://www.domain_name
Adding EPEL Repository
dnf install epel-release
dnf upgrade
Installing Snapd
dnf install snapd
Enable the snapd once installed.
systemctl enable --now snapd.socket
To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:
ln -s /var/lib/snapd/snap /snap
Installing Certbot
Run the following command to install Certbot.
snap install --classic certbot
To enable classic snap support, create a symbolic link between /var/lib/snapd/snap and /snap.
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --apache
To test the SSL Certificate.
https://www.ssllabs.com/ssltest/analyze.html?d=www.domain_name
Note: to actually renew the certificate, run the command with out the --dry-run
option.
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it.
certbot --apache
Testing for automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire
certbot renew --dry-run
To confirm that your site is set up properly, visit in your browser.
https://www.domain_name
CrownCloud - Get a SSD powered KVM VPS at $4.5/month!
Use the code WELCOME
for 10% off!
1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month
Available Locations: LAX | MIA | ATL | FRA | AMS