In this tutorial we will see the procedure that you must carry out if you want to install an SSL certificate on a web server. Once you’re done, all traffic between the server and the client will be encrypted. This has become a standard for site security, especially e-commerce sites.
it is a pioneer in free SSL implementation and can be used as provider certification in some cases.
What do you need?
Before proceeding with this guide, you will need:
- CentOS 7 VPS root SSH access
- Apache web server with domain and vhost correctly configured.
Step 1 – Install the dependent modules
For install cerbot tyou will have to install the EPEL repertoire which is not available by default, mod_ssl it is also required for the encryption to be recognized by Apache.
To install both dependencies you have to run the command:
yum install epel-release mod_ssl
You should now be able to proceed with the installation of cerbot.
Step 2 – Download the Let’s Encrypt client
Now you have to install the cerbot client from the EPEL repository:
yum install python-certbot-apache
Cerbot should now be installed and available for use.
Step 3 – Install and configure the SSL certificate in Apache
Cerbot will handle the SSL certificate management in a very simple way, it will generate a new certificate for the domain as a parameter.
In this case, example.com will be used as the domain to be certified:
certbot –apache -d example.com
If you want to generate multiple or subdomains SSL, you have to run this command:
certbot –apache -d example.com -d www.example.com
IMPORTANT: The first domain must be your base domain. In this case it is example.com
While the certificate is installed you will find a step-by-step guide in which you can customize some details of the certificate. You will have the option to choose between forcing HTTPS or leaving HTTP as the default protocol, you will be prompted to provide an email address for security purposes.
Once you have finished the installation you will see a message similar to this:
IMPORTANT NOTES: – If you lose your account credentials, you can recover through e-mails sent to user@example.com. – Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2016-04-21. To obtain a new version of the certificate in the future, simply run Let’s Encrypt again. – Your account credentials have been saved in your Let’s Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let’s Encrypt so making regular backups of this folder is ideal. – If you like Let’s Encrypt, please consider supporting our work by: Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
4.- Establish the self-renewal of the certificate
Let’s Encrypt certification is valid for 90 days. But all professional websites recommend renewing it every 60 days to avoid any problems. To do this, cerbot will not help with the command renew. It will check if the certificate has less than 30 days left to expire.
You have to run the following command to proceed:
certbot renew
If the certificate installation is recent, then cerbot will only check the expiration date:
Processing /etc/letsencrypt/renewal/example.com.conf The following certs are not due for renewal yet: /etc/letsencrypt/live/example.com/fullchain.pem (skipped) No renewals were attempted.
To make the renewal process automatic you have to set a cronjob. First open the crontab:
crontab -e
This job can be scheduled to run every Monday at midnight:
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
The output of the script will be sent to the /var/log/sslrenew.log file.
conclusion
You have now secured your Apache web server by implementing the best security tool: a . Now all the traffic between your server and the client will be encrypted.
Gustavo is passionate about creating websites. He focuses on the application of SEO strategies at for Spain and Latin America, as well as the creation of high-level content. When he is not applying new WordPress tricks you can find him playing the guitar, traveling or taking an online course.
Facebook Comments
Disqus