Install SSL Let’s Encrypt with Certbot on Apache

How to install SSL Let’s Encrypt with Certbot on Apache

In this article, AZDIGI will show you how to install the Let’s Encrypt SSL certificate on an Apache server in the simplest and fastest way. please follow along.

I. Overview

What is an SSL certificate?

SSL is a certificate that helps encrypt information on devices or applications that support this encryption. SSL certificate will have Private Key and Public Key, in which Public Key will be installed in terminal applications that browsers or other applications can access. Private Key will be installed in applications that handle receiving data.

Its purpose of operation is like the key to helping decrypt the data sent from the terminal, which is also encrypted through the Public Key.

What is Let’s Encrypt?

Let’s Encrypt is an SSL authentication organization like Comodo, GeoTrust and Symantec, but the difference is that they are a non-profit organization established with the auspices of influential organizations in the world Cisco, Akamai, Mozilla, Facebook… Therefore, Let’s Encrypt SSL certificates will be no different from other types of SSL certificates. However, you must renew them every 90 days to continue using them.

In addition, you can read more about Let’s Encrypt at the homepage link below:

• Let’s Encrypt Homepage.

So how to install Let’s Encrypt SSL on a website using Apache, please see the steps below.

II. Implementation guide

To install SSL Let’s Encrypt on the Apache server, follow these 3 steps.

Step 1: Install Cerbot Let’s Encrypt Client

With Let’s Encrypt, you can quickly install it through the Certbot client with just a few simple commands and wait for the system to run automatically.

• First, you need to install the EPEL repository:

yum -y install epel-release
    

• Next, install certbot-apache with the following command:

yum -y install certbot python2-certbot-apache mod_ssl
    

Step 2: Install Let’s Encrypt SSL

Note: You must make sure the domain is pointed to the server IP (if you install SSL for the subdomain www.domain.com, the sub must also point to the server)

To install SSL for your website, use the following command: (please change azdigi.cf to the name of your website)

certbot --apache -d azdigi.cf -d www.azdigi.cf
    

[root@template conf.d]# certbot --apache -d azdigi.cf -d www.azdigi.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): kiendt@azdigi.cf (Enter your email)
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y (Press Y to agree to the terms)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N (Press N to refuse information and news from LetsEncrypt and Certbot)
Account registered.
Requesting a certificate for azdigi.cf and www.azdigi.cf
Performing the following challenges:
http-01 challenge for azdigi.cf
http-01 challenge for www.azdigi.cf
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/azdigi.cf-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/azdigi.cf.conf to ssl vhost in /etc/httpd/conf.d/azdigi.cf-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://azdigi.cf and
https://www.azdigi.cf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/azdigi.cf/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/azdigi.cf/privkey.pem
 Your certificate will expire on 2021-04-23. To obtain a new or
 tweaked version of this certificate in the future, simply run
 certbot again with the "certonly" option. To non-interactively
 renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le

So you have successfully installed SSL through Certbot, the path to save the website’s certificate file will be at the corresponding path:

 - Certificate: /etc/letsencrypt/live/azdigi.cf/fullchain.pem
 -Private Key: /etc/letsencrypt/live/azdigi.cf/privkey.pem 

Let’s Encrypt certificates are only valid for 90 days, so you can set up your cronjob so that the certificate automatically renews if it expires.

• Renew manually by running command

certbot renew --dry-run
    

• Add Cronjob for automatic renewal

export VISUAL=nano; crontab -e
    

Then copy the content below into

00 6 * * * /usr/bin/certbot renew --quiet
    

Note: This cronjob means that every 6:00 AM, it will check the certificate, if the certificate expires, it will automatically renew. Otherwise, if it is still due, the extension will not be made.

Step 3: Check the certificate after installation

To more accurately check if your website has successfully installed SSL, you can check more through the 2 methods below.

Method 1: Check from the browser

You can access your website in a browser and click on the padlock icon as shown below. It will display which company’s certificate the website uses and specify the issue date and expiration date.

Method 2: Check from ssllabs.com

You can access the SSL Checker page by following the link: https://www.ssllabs.com/ssltest/

Then you enter your domain and click Submit. At this point, all information about the website’s certificate will be fully displayed as below:

III. Summary

So in this article, AZDIGI showed you how to quickly install Let’s Encrypt SSL on your website via Certbot quickly and simply. Installing SSL may seem simple, but it can be quite helpful for your website in terms of security as well as being great for SEO. Hopefully, this article will help you to install Let’s Encrypt SSL successfully!

If you find the article helpful, please share it widely. In addition, you can refer to some other articles on Linux knowledge at the link below:

• General Guide to Linux

If you need assistance, you can contact support in the ways below:

• Hotline 247: 028 888 24768 (Ext 0)
• Ticket/Email: You use the email to register for the service and send it directly to: support@azdigi.com