Mel (http://www.osradar.com)
Guru Unix /Linux and GNU supporter

Install Let’s Encrypt on CentOS 7 with Apache

We will show you how to install Let’s Encrypt on CentOS 7 with Apache. Let’s Encrypt is open source, completely free, secure and fully automated, which makes it easy to set up TLS certificates on your server.

Let’s Encrypt is recognized by major internet players such as Mozilla, Akamai and Cisco, and by all browsers. Website owners can obtain security certificates in a few easy steps.

1. Update the system

Updating CentOS or Red Hat is done with the yum command.


[root@osradar-centos7 ~]# yum update -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.mirror1.spango.com
* extras: mirror.seedvps.com
* updates: mirror.hostnet.nl
Resolving Dependencies
--> Running transaction check
---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be updated
---> Package GeoIP.x86_64 0:1.5.0-13.el7 will be an update
---> Package NetworkManager.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-libnm.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager-libnm.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-team.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager-team.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-tui.x86_64 1:1.8.0-9.el7 will be updated

 

2. Install Apache

Let's install Apache as the web server, using this command:

# yum -y install httpd yum-utils

---> Package httpd.x86_64 0:2.4.6-88.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-88.el7.centos for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-88.el7.centos will be installed

3. Install mod_ssl

mod_ssl is needed to configure the Let’s Encrypt SSL certificate:

# yum -y install mod_ssl

4. Configure Apache

Create a document root folder for your site's virtual host:

# mkdir /var/www/osradar
# chown -R apache:apache /var/www/osradar

Create a virtual host config for the osradar site by pasting the following contents into the file opened below:

# vi /etc/httpd/conf.d/test-osradar.conf

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/var/www/osradar"
ServerName osradar.com
ServerAlias www.osradar.com
ErrorLog "/var/log/httpd/osradar.error_log"
CustomLog "/var/log/httpd/osradar.access_log" common
</VirtualHost>

 

Add an index.html file for later testing, with the following contents:

# vi /var/www/osradar/index.html

Osradar   Testing

Allow HTTP and HTTPS through the firewall:

[root@osradar-centos7 ~]# firewall-cmd --permanent --add-service=http
success
[root@osradar-centos7 ~]# firewall-cmd --permanent --add-service=https
success
[root@osradar-centos7 ~]# firewall-cmd --reload
success

Browse to http://www.osradar.local

Apache is done; let's continue by installing certbot.

5. Install certbot

To install certbot, we first need the EPEL repository enabled. To do that, execute the following command:

# yum -y install epel-release

Then install certbot for Apache:

# yum  install certbot-apache -y

Now that we have certbot installed, run it with the certbot-2 command:

# certbot-2

Certbot will ask you for the names you would like to activate HTTPS for:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: osradar.com
2: www.osradar.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Press Enter to continue. Optionally, you can then redirect your sites to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If everything goes well you should see the following output:

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://test.com and https://www.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=test.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com
-------------------------------------------------------------------------------

 

6. Configure automatic renewal

Add a cron job so that our Let’s Encrypt SSL certificates are renewed automatically.

Execute the following command to edit the crontab, then add the entry below, which runs the renewal once per day (at 05:00):

# crontab -e

0 5 * * * /usr/bin/certbot renew >/dev/null 2>&1

Now you should have successfully installed and configured Let’s Encrypt with Apache.


1 COMMENT

  1. I am getting the following error while trying to install Let’s Encrypt SSL on my website:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for linuxbuz.com
    http-01 challenge for http://www.linuxbuz.com
    Using the webroot path /var/www/html for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges
    Failed authorization procedure. linuxbuz.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://linuxbuz.com/.well-known/acme-challenge/pYpAC6kT25C0itcTNKd8hwb_0VaoPxJVIkVg5_xn-N4 [77.111.240.95]: 403
    IMPORTANT NOTES:
    – The following errors were reported by the server:

    Domain: linuxbuz.com
    Type: unauthorized
    Detail: Invalid response from
    http://linuxbuz.com/.well-known/acme-challenge/pYpAC6kT25C0itcTNKd8hwb_0VaoPxJVIkVg5_xn-N4
    [77.111.240.95]: 403
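
The cron entry in step 6 discards certbot's output, so a failure like the 403 in the comment above would go unnoticed until the certificate expires. The following is an added example, not part of the original article or of certbot: a shell wrapper that keeps the output and extracts the failed domains. It assumes one failure per line in the message format quoted in the comment; `renew_and_report`, its log path and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report failed ACME
# authorizations from captured certbot output.

# Print "domain challenge error-type http-status" for each failure line.
# Assumes one failure per line, in the format quoted in the comment above.
failed_authz() {
    awk '
    /^[ \t]*Failed authorization procedure\. / {
        line = $0
        sub(/^[ \t]*Failed authorization procedure\. /, "", line)
        domain = line; sub(/ .*/, "", domain)
        chal = line; sub(/^[^(]*\(/, "", chal); sub(/\).*/, "", chal)
        split(line, part, " :: ")
        etype = part[1]; sub(/^.*: /, "", etype); sub(/^.*:/, "", etype)
        status = "-"                      # no HTTP status in the message
        if (match(line, /\]: [0-9]+$/)) status = substr(line, RSTART + 3)
        print domain, chal, etype, status
    }'
}

# Cron wrapper: keep certbot output in a log instead of /dev/null and
# return non-zero when certbot failed or any authorization was rejected.
# The log path is a hypothetical choice, not something certbot creates.
renew_and_report() {
    log=${1:-/var/log/letsencrypt/cron-renew.log}
    rc=0
    /usr/bin/certbot renew >"$log" 2>&1 || rc=$?
    failures=$(failed_authz <"$log")
    if [ -n "$failures" ]; then printf '%s\n' "$failures" >&2; fi
    [ "$rc" -eq 0 ] && [ -z "$failures" ]
}

# Constructed sample input (example.com, 192.0.2.10 and the tokens are made up).
sample_output() {
    cat <<'EOF'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/CONSTRUCTED_TOKEN [192.0.2.10]: 403
Failed authorization procedure. www.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/.well-known/acme-challenge/CONSTRUCTED_TOKEN2: Timeout
EOF
}

sample_output | failed_authz
```

Called from the crontab in place of the bare certbot command, the wrapper writes failed domains to stderr, which cron mails to the MAILTO address. A 403 status means the web server (or a proxy in front of it) refused the request for the challenge file, so the access rules and permissions for /.well-known/acme-challenge/ under the document root are the first thing to check.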
