install Let’s Encrypt on CentOS 7 with Apache

0
222

we  will show you How to install Let’s Encrypt on CentOS 7 with Apache.  this opensource code  of Let’s Encrypt is a completely free ,secure and fully automated,  this  make your woprk easy to setup the TLS certificates on your server

Let’s Encrypt is known  by major  internet players like Mozilla, Akamai, Cisco and from all browsers, The webmasters owners can easily obtain security certificates in few easy steps

1. Lets  Update the system

Updatin Centos or Redhat should be done via yum command.

 

[root@osradar-centos7 ~]# yum update -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.mirror1.spango.com
* extras: mirror.seedvps.com
* updates: mirror.hostnet.nl
Resolving Dependencies
--> Running transaction check
---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be updated
---> Package GeoIP.x86_64 0:1.5.0-13.el7 will be an update
---> Package NetworkManager.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-libnm.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager-libnm.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-team.x86_64 1:1.8.0-9.el7 will be updated
---> Package NetworkManager-team.x86_64 1:1.12.0-8.el7_6 will be an update
---> Package NetworkManager-tui.x86_64 1:1.8.0-9.el7 will be updated

 

2. Install Apache

Lets install Apache as  web server,

using this command:

# yum -y install httpd yum-utils

---> Package httpd.x86_64 0:2.4.6-88.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-88.el7.centos for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-88.el7.centos will be installed

3. Install mod_ssl

Install mod_ssl  is needed to configure Let’s Encrypt SSL certificate:

# yum -y install mod_ssl

4. Configure Apache

Create a document root folder for your site  like  Vhost

# mkdir /var/www/osradar
# chown -R apache:apache /var/www/osradar

Create a virtual host config for  osradar site by  pasting the following contents  in :

# vi /etc/httpd/conf.d/test-osradar.conf

<VirtualHost *:80>
ServerAdmin admin@osradar.com
DocumentRoot "/var/www/osradar"
ServerName osradar.com
ServerAlias www.osradar.com
ErrorLog "/var/log/httpd/osradar.error_log"
CustomLog "/var/log/httpd/osradar.access_log" common
</VirtualHost>

 

Add a index.html file for testing purposes later with the following contents:

#vi  /var/www/osradar/index.html

Osradar   Testing

Allow  the Http  en   HTTPS  thrue the  firewall

[root@osradar-centos7 ~]# firewall-cmd --permanent --add-service=http
success
[root@osradar-centos7 ~]# firewall-cmd --permanent --add-service=https
success
[root@osradar-centos7 ~]# firewall-cmd --reload
success

Browse to   http://www.osradar.local


Apache is Done,   lets continue by installing certbot.

5. Install certbot

To install certbot first we need EPEL repository enabled, to do that execute the following command:

# yum -y install epel-release

Then install certbot for Apache:

# yum  install certbot-apache -y

Now that we have certbot installed, run certbot with the following command: certbot-2

# certbot-2

Certbot will ask you for the names you would like to activate HTTPS for:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: osradar.com
2: www.osradar.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Press enter to continue and then optionally if you want you can redirect your sites to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If everything goes well you should see the following output:

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://test.com and https://www.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=test.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com
-------------------------------------------------------------------------------

 

6. Configure automatic renewal

how to add a cronjob so our Let’s Encrypt SSL certificates can be renewed automatically.

Please execute the following command to edit the crontab  ( 1 time per day) :

# crontab -e

 

* 5 * * * /usr/bin/certbot renew >/dev/null 2>&1

Now you should have successfully installed and configured Let’s Encrypt with Apache.

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here