Issue SSL Certificates for Apache Using Certbot on CentOS 7

Updated on October 18, 2016
Issue SSL Certificates for Apache Using Certbot on CentOS 7 header image

Introduction

Certbot is an automated SSL Certificate issuer for the Let's Encrypt Certificate Authority. It was developed as a client for Let’s Encrypt and will also work with any other CAs that support the ACME protocol.

In this tutorial, we will cover the process of installing Certbot on CentOS 7 running Apache and configure it to issue and and renew Let's Encrypt SSL Certificates.

Prerequisites

  • A CentOS 7 Server
  • A functional Apache webserver
  • mod_ssl

Installation

Certbot is available on the EPEL Yum Repository. If you do not have EPEL installed already, you can install it using the command below:

# yum -y install epel-release mod_ssl openssl

Next, we will need to install Certbot and its Apache plugin

# yum -y install certbot python-certbot-apache

Run Certbot:

# certbot --apache

To avoid errors, please ensure that your virtual host is already setup for the domain you wish to the the SSL Certificate for and that DNS is properly configured.

Configuration

Once you run the Certbot Apache Plugin, an installation wizard will appear. The configurable options include:

  • Select domains you wish to issue a certificate for (Note: www.example.com and example.com will be issued separate SSL Certificates).
  • SSL Enforcement Options.

Auto-Renewal

Let's Encrypt certificates expire after 90 days. Certbot can handle automated renewals with ease.

# certbot renew --dry-run

# certbot renew --quiet

This concludes our tutorial. Thank you for reading.