A huge thank you to Digital Ocean for their tutorials. Everything below has been taken from them, only scaled back to the bare minimum to get the job done. If you want to go through their full article on setting up Let’s Encrypt you can click here.

Introduction

Let’s Encrypt is a Certificate Authority (CA) that provides free SSL certificates for your servers and websites.

Step 1 — Installing Certbot

To obtain an SSL certificate, you first need to install Certbot and mod_ssl, an Apache module that provides support for SSL v3 encryption.

To add the CentOS 7 EPEL repository, run the following command:

sudo yum install epel-release

Then install all of the required packages:

sudo yum install certbot python2-certbot-apache mod_ssl

Step 2 — Obtaining a Certificate

Now that Certbot is installed, you can use it to request an SSL certificate for your domain.

To execute the interactive installation and obtain a certificate that covers only a single domain, run the certbot command with:

sudo certbot --apache -d example.com

This runs certbot with the --apache plugin and specifies the domain to configure the certificate for with the -d flag.

You can set up multiple domains and sub-domains at the same time by passing each one with its own -d flag. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate. Example:

sudo certbot --apache -d example.com -d www.example.com

The generated certificate files will be available within a subdirectory named after your base domain in the /etc/letsencrypt/live directory.

Step 3 — Checking your Certificate Status

Try reloading your website using https:// and notice your browser’s security indicator. It will now indicate that the site is properly secured, usually with a green lock icon.

Step 4 — Setting Up Auto Renewal

Let’s Encrypt certificates are valid for 90 days, but it’s recommended that you renew the certificates every 60 days to allow a margin of error.

By using the --dry-run option, you can run a simulation of this task to test how renewal works:

sudo certbot renew --dry-run

The official Certbot documentation recommends running cron twice per day. This will ensure that, in case Let’s Encrypt initiates a certificate revocation, there will be no more than half a day before Certbot renews your certificate.

Edit the crontab to create a new job that will run the renewal twice per day. To edit the crontab for the root user, run:

sudo crontab -e

Add in the following line:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

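When you’re finished, press ESC to leave insert mode, then :wq and ENTER to save and exit the file. This will create a new cron job that will execute at noon and midnight every day. The Python one-liner in front of certbot renew sleeps for a random delay of up to an hour before the renewal runs.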
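
To confirm that the cron job is actually keeping the certificate fresh, the following added example (not part of the original tutorial) checks how long the certificate under /etc/letsencrypt/live has left, using the 30-day margin implied by the 90-day validity and 60-day renewal point above. The function name check_cert, the LIVE_DIR variable and the exit codes are assumptions of this example; cert.pem is the certificate file Certbot keeps in the live directory.

```shell
#!/bin/sh
# Added example: report whether a Certbot certificate is inside the renewal window.
# Assumed names: check_cert, LIVE_DIR. cert.pem is the leaf certificate Certbot
# keeps under /etc/letsencrypt/live/<base-domain>/.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# check_cert <base-domain> [min_days]
# Exit status: 0 if the certificate stays valid for more than min_days,
#              1 if it expires within min_days (or has already expired),
#              2 if the certificate cannot be checked.
# The body runs in a subshell, so "exit" only leaves the function.
check_cert() (
    domain="$1"
    min_days="${2:-30}"   # 90-day lifetime minus the 60-day renewal point
    cert="$LIVE_DIR/$domain/cert.pem"

    if [ ! -r "$cert" ]; then
        echo "UNKNOWN: cannot read $cert" >&2
        exit 2
    fi
    if ! command -v openssl >/dev/null 2>&1; then
        echo "UNKNOWN: openssl not found" >&2
        exit 2
    fi

    # -enddate prints "notAfter=<date>"; failure means the file is not a certificate.
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || {
        echo "UNKNOWN: $cert is not a valid certificate" >&2
        exit 2
    }

    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "OK: $domain $end"
        exit 0
    fi
    echo "RENEW: $domain $end (fewer than $min_days days left)"
    exit 1
)

# Run the check when a domain is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

Run it as root (for example with sudo), since the directories under /etc/letsencrypt/live are not readable by ordinary users. A RENEW result while the cron job is in place means renewals are failing and the output of certbot renew should be inspected.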
