Issue SSL Certificates for Apache Using Certbot on CentOS 7
Introduction
Certbot is an automated SSL Certificate issuer for the Let's Encrypt Certificate Authority. It was developed as a client for Let’s Encrypt and will also work with any other CAs that support the ACME protocol.
In this tutorial, we will cover the process of installing Certbot on CentOS 7 running Apache and configure it to issue and and renew Let's Encrypt SSL Certificates.
Prerequisites
- A CentOS 7 Server
- A functional Apache webserver
- mod_ssl
Installation
Certbot is available on the EPEL Yum Repository. If you do not have EPEL installed already, you can install it using the command below:
# yum -y install epel-release mod_ssl openssl
Next, we will need to install Certbot and its Apache plugin
# yum -y install certbot python-certbot-apache
Run Certbot:
# certbot --apache
To avoid errors, please ensure that your virtual host is already setup for the domain you wish to the the SSL Certificate for and that DNS is properly configured.
Configuration
Once you run the Certbot Apache Plugin, an installation wizard will appear. The configurable options include:
- Select domains you wish to issue a certificate for (Note: www.example.com and example.com will be issued separate SSL Certificates).
- SSL Enforcement Options.
Auto-Renewal
Let's Encrypt certificates expire after 90 days. Certbot can handle automated renewals with ease.
# certbot renew --dry-run
# certbot renew --quiet
This concludes our tutorial. Thank you for reading.