Home Linux ServerWeb Server Install SSL Let’s Encrypt with Certbot on Apache

Install SSL Let’s Encrypt with Certbot on Apache

by Thạch Phạm
Published: Last Updated on

How to install SSL Let’s Encrypt with Certbot on Apache

In this article, AZDIGI will show you how to install the Let’s Encrypt SSL certificate on an Apache server in the simplest and fastest way. please follow along.

I. Overview

What is an SSL certificate?

SSL is a certificate that helps encrypt information on devices or applications that support this encryption. SSL certificate will have Private Key and Public Key, in which Public Key will be installed in terminal applications that browsers or other applications can access. Private Key will be installed in applications that handle receiving data.

Its purpose of operation is like the key to helping decrypt the data sent from the terminal, which is also encrypted through the Public Key.

What is Let’s Encrypt?

Let’s Encrypt is an SSL authentication organization like Comodo, GeoTrust and Symantec, but the difference is that they are a non-profit organization established with the auspices of influential organizations in the world Cisco, Akamai, Mozilla, Facebook… Therefore, Let’s Encrypt SSL certificates will be no different from other types of SSL certificates. However, you must renew them every 90 days to continue using them.

In addition, you can read more about Let’s Encrypt at the homepage link below:

So how to install Let’s Encrypt SSL on a website using Apache, please see the steps below.

II. Implementation guide

To install SSL Let’s Encrypt on the Apache server, follow these 3 steps.

Step 1: Install Cerbot Let’s Encrypt Client

With Let’s Encrypt, you can quickly install it through the Certbot client with just a few simple commands and wait for the system to run automatically.

  • First, you need to install the EPEL repository:
AZDIGI Tutorial
yum -y install epel-release
  • Next, install certbot-apache with the following command:
AZDIGI Tutorial
yum -y install certbot python2-certbot-apache mod_ssl
Install SSL Let's Encrypt with Certbot on Apache
As shown above, I have successfully installed Certbot.

Step 2: Install Let’s Encrypt SSL

Note: You must make sure the domain is pointed to the server IP (if you install SSL for the subdomain www.domain.com, the sub must also point to the server)

To install SSL for your website, use the following command: (please change azdigi.cf to the name of your website)

AZDIGI Tutorial
certbot --apache -d azdigi.cf -d www.azdigi.cf
[root@template conf.d]# certbot --apache -d azdigi.cf -d www.azdigi.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): kiendt@azdigi.cf (Enter your email)
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y (Press Y to agree to the terms)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N (Press N to refuse information and news from LetsEncrypt and Certbot)
Account registered.
Requesting a certificate for azdigi.cf and www.azdigi.cf
Performing the following challenges:
http-01 challenge for azdigi.cf
http-01 challenge for www.azdigi.cf
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/azdigi.cf.conf to ssl vhost in /etc/httpd/conf.d/azdigi.cf-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://azdigi.cf and
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 - Congratulations! Your certificate and chain have been saved at:
 Your key file has been saved at:
 Your certificate will expire on 2021-04-23. To obtain a new or
 tweaked version of this certificate in the future, simply run
 certbot again with the "certonly" option. To non-interactively
 renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le

So you have successfully installed SSL through Certbot, the path to save the website’s certificate file will be at the corresponding path:

 - Certificate: /etc/letsencrypt/live/azdigi.cf/fullchain.pem
 -Private Key: /etc/letsencrypt/live/azdigi.cf/privkey.pem 

Let’s Encrypt certificates are only valid for 90 days, so you can set up your cronjob so that the certificate automatically renews if it expires.

  • Renew manually by running command
AZDIGI Tutorial
certbot renew --dry-run

  • Add Cronjob for automatic renewal
AZDIGI Tutorial
export VISUAL=nano; crontab -e

Then copy the content below into

AZDIGI Tutorial
00 6 * * * /usr/bin/certbot renew --quiet

Note: This cronjob means that every 6:00 AM, it will check the certificate, if the certificate expires, it will automatically renew. Otherwise, if it is still due, the extension will not be made.

Install SSL Let's Encrypt with Certbot on Apache

Step 3: Check the certificate after installation

To more accurately check if your website has successfully installed SSL, you can check more through the 2 methods below.

Method 1: Check from the browser

You can access your website in a browser and click on the padlock icon as shown below. It will display which company’s certificate the website uses and specify the issue date and expiration date.

Install SSL Let's Encrypt with Certbot on Apache

Method 2: Check from ssllabs.com

You can access the SSL Checker page by following the link: https://www.ssllabs.com/ssltest/

Then you enter your domain and click Submit. At this point, all information about the website’s certificate will be fully displayed as below:

Install SSL Let's Encrypt with Certbot on Apache

III. Summary

So in this article, AZDIGI showed you how to quickly install Let’s Encrypt SSL on your website via Certbot quickly and simply. Installing SSL may seem simple, but it can be quite helpful for your website in terms of security as well as being great for SEO. Hopefully, this article will help you to install Let’s Encrypt SSL successfully!

If you find the article helpful, please share it widely. In addition, you can refer to some other articles on Linux knowledge at the link below:

If you need assistance, you can contact support in the ways below:

Đánh giá

Tham gia nhóm hỗ trợ Server - Hosting

Tham gia nhóm Hỗ trợ Server - Hosting & WordPress để cùng nhau hỏi đáp và hỗ trợ các vấn đề về WordPress, tối ưu máy chủ/server.

Tham gia ngay

Bài viết cùng chuyên mục

AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign