Feb 12th, 2018. I’ve updated this document to reflect recent changes to the command used to generate certificates with Let’s Encrypt.
This article demonstrates how to add Let’s Encrypt SSL certificates to a CentOS 7 Apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
This is the minimum you’d do to get Let’s Encrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and have not previously configured a vhost (virtual host) for the domain we’re using Let’s Encrypt for.
We need the EPEL repo and git:
yum install epel-release git
Now get Let’s Encrypt via git:
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
Get the certificate. Replace “agix.com.au” with your own domain:
./certbot-auto --authenticator webroot --webroot-path /var/www/html/www.agix.com.au/public/ --installer apache -d www.agix.com.au
You can add more domains to the above line. For example, you can have “-d one.agix.com.au -d two.agix.com.au -d agix.com.au”.
The script above will assume you’re using the “ssl.conf” file unless you already have a virtual host file for the Let’s Encrypt certificate.
And you’re done. Go to your website with “https://” and see if it works.
To automatically renew the certificates on a regular basis, add the following to root’s crontab. A per-user crontab entry has no user field, so the command follows the schedule directly:
0 0 * * * /opt/letsencrypt/certbot-auto renew
Manually run the command “/opt/letsencrypt/certbot-auto renew” to make sure it works.
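A way to confirm the scheduled renewal keeps working, as an added example that is not part of the original article: certbot renews a certificate once it has less than 30 days left, so one with fewer than 20 days remaining (an assumed threshold) means the cron job is failing. The function names are hypothetical, and the path in the usage comment assumes certbot's default /etc/letsencrypt/live/ layout.

```shell
#!/bin/sh
# Added example: detect a renewal cron job that has silently stopped working.
# Requires the openssl command-line tool.

WARN_DAYS=20   # assumption: alert threshold, inside certbot's 30-day renewal window

# cert_days_ok FILE DAYS
#   returns 0 if FILE is still valid DAYS days from now,
#           1 if it expires sooner,
#           2 if FILE is missing or is not a parseable certificate.
cert_days_ok() {
    cert=$1
    days=$2
    [ -r "$cert" ] || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# check_renewal FILE
#   prints a one-line status and returns the code from cert_days_ok.
check_renewal() {
    rc=0
    cert_days_ok "$1" "$WARN_DAYS" || rc=$?
    case $rc in
        0) echo "OK: $1 is valid for more than $WARN_DAYS days" ;;
        1) echo "WARNING: $1 expires within $WARN_DAYS days; renewal is not running, check /var/log/letsencrypt/" ;;
        *) echo "ERROR: cannot read a certificate from $1" ;;
    esac
    return $rc
}

# Runs only when a certificate path is given, for example:
#   sh check_cert.sh /etc/letsencrypt/live/www.agix.com.au/cert.pem
if [ $# -gt 0 ]; then
    check_renewal "$1"
fi
```

Run it from cron a few hours after the renewal entry; cron mails any output to root, so a WARNING or ERROR line becomes the alert.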