CentOS 7: How to Configure Apache with Let’s Encrypt Free SSL

An SSL-enabled website lets users submit data (POST/GET) securely. On a website without SSL, whenever a POST or GET event happens in your web browser, your data can be captured from network traffic or a packet dump.

Let’s Encrypt offers free SSL certificates valid for up to 3 months; every 3 months you need to renew the certs, otherwise browsers will flag the SSL certificate as insecure. Below is the error commonly seen when accessing a website with a non-secure / self-generated SSL certificate.

[Screenshot: browser SSL certificate error]

We will show you how to install and configure a Let’s Encrypt SSL certificate with the Apache web server on CentOS 7.x.

Step 1: Create Virtual Host File

Create a virtual host file that hosts your domain name as below (replace noreplied.com with your domain name) in /etc/httpd/conf.d/vhost-noreplied.com.conf

Restart the Apache service so that the new virtual host is loaded

Step 2: Install External Repo & Package

Before proceeding with the Let’s Encrypt installation, an external repo and some packages need to be enabled.

First, install epel-release on your machine

Second, we require git to clone Let’s Encrypt onto your server; proceed to install git

We are now ready to roll on with the Let’s Encrypt installation

Step 3: Let’s Encrypt Installation

Our practice is to install packages in the “/opt” folder; you may git clone Let’s Encrypt into any folder you are comfortable with. Proceed with cloning Let’s Encrypt onto your server

Listing the directory, you should see all the files in /opt/letsencrypt

[Screenshot: file listing of /opt/letsencrypt]

Step 4: Create SSL Certs

Next, we will issue the command to generate the SSL certs with Let’s Encrypt. First, make sure you are in the /opt/letsencrypt folder

The command below will generate the cert for the domains noreplied.com and www.noreplied.com; please replace them with your own domain name. We redirect users who access noreplied.com to www.noreplied.com, hence we will be using the same cert for both the domain and the sub-domain.

Once the command has been issued, the script will install the dependencies required by Let’s Encrypt; don’t worry about it, let it run.

[Screenshot: installing dependency files]

[Screenshot: email address prompt]

Please make sure you key in the correct email address; it will be used for future reference

[Screenshot: accept agreements prompt]

Accept the terms and conditions; appreciate what Let’s Encrypt offers and don’t abuse it.

[Screenshot: HTTPS redirect prompt]

Select “Secure”; it will generate redirect rules from http to https

[Screenshot: success message]

Done!

Congratulations, your certs have been installed. Please take note that they will expire 3 months from the day you generated them.

Just in case you are not aware, a new vhost file is generated at /etc/httpd/conf.d/vhost-noreplied.com-le-ssl.conf, and at the same time redirect rules are enabled in the original virtual host file.

Let’s Encrypt has restarted the Apache service for the new config file to take effect. It’s all done.

Step 5: Renew Cert Every 3 months

The certs will expire in 3 months’ time; it’s recommended to run the renew command 2-3 weeks before they expire.
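One way to check whether a certificate has entered that 2-3 week renewal window, as an added example that is not part of the original tutorial. The function names are hypothetical, the sample certificates are constructed self-signed ones, and the live certificate path in the closing comment assumes Let’s Encrypt’s default /etc/letsencrypt/live/ layout:

```shell
#!/bin/sh
# cert_status PEM_FILE [DAYS]
# Prints RENEW if the certificate expires within DAYS days (default 21),
# OK if it does not, ERROR if the file is missing or not a certificate.
cert_status() {
    pem=$1
    window_days=${2:-21}
    [ -r "$pem" ] || { echo ERROR; return 0; }
    # Reject files openssl cannot parse, so a corrupt file is not reported as "expiring".
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || { echo ERROR; return 0; }
    # -checkend exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -noout -checkend $((window_days * 86400)) -in "$pem" >/dev/null 2>&1; then
        echo OK
    else
        echo RENEW
    fi
}

# make_sample_cert OUT_PEM DAYS
# Constructed sample input: a throwaway self-signed cert valid for DAYS days.
make_sample_cert() {
    keydir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$keydir/key.pem" -out "$1" 2>/dev/null
    rc=$?
    rm -rf "$keydir"
    return $rc
}

# Demo: a cert with 10 days left, one with 90 days left, and a missing file.
demo() {
    tmp=$(mktemp -d)
    make_sample_cert "$tmp/soon.pem" 10
    make_sample_cert "$tmp/fresh.pem" 90
    for name in soon fresh missing; do
        printf '%-8s %s\n' "$name" "$(cert_status "$tmp/$name.pem" 21)"
    done
    rm -rf "$tmp"
}

# On a real server, point cert_status at the issued certificate instead, e.g.
# /etc/letsencrypt/live/<your-domain>/cert.pem (assumed default location).
demo
```

A scheduled job can call cert_status daily and run the renewal command only when it prints RENEW, alerting on ERROR.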

Here is the command to trigger the renewal process

Now everyone can enable SSL for their website 😉 Thanks to Let’s Encrypt. Please do donate to them