This guide explains the method of installing an SSL certificate on a CentOS 7 cloud server using Apache as the web server. Once successfully installed, the traffic between the server and client will be encrypted. SSL certificates are widely used in e-commerce websites and the online financial industry. Let's Encrypt is a pioneer in providing free SSL certificates and is one of the most common SSL certificates available.
First, install two dependency packages:
sudo yum install -y epel-release mod_ssl
Install the Certbot client. Certbot is a tool that simplifies the management of SSL certificates.
sudo yum install python-certbot-apache
Install and configure the SSL certificate. Replace example.com with your actual domain name.
sudo certbot --apache -d example.com
If you need to generate certificates for multiple domains, you can use the following command. Note that the first domain must be the root domain.
sudo certbot --apache -d example.com -d www.example.com
During the installation process, the system will provide a step-by-step configuration guide. We can choose whether to enforce HTTPS or retain HTTP as the default protocol. The guide also requires us to provide an email address for the certificate administrator. Upon completion of the installation, the system will display the following results:
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
emails sent to user@example.com.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2019-04-21. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at / etc / letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also have certificates and private keys obtained by Let's
Encrypt so regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:
Let's Encrypt certificates have a validity period of 90 days, thus timely renewal is necessary. Certbot assists in renewing the certificates. Here, we need to confirm that Certbot's renewal function is working correctly.
sudo certbot renew
If the certificate was installed recently, Certbot will only display the expiration date without performing a renewal.
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
Setting up automatic renewal requires creating a cron job.
sudo crontab -e
Add the following cron job to execute once every week at midnight on Monday
0 0 * * 1 / usr / bin / certbot renew >> /var/log/sslrenew.log
This completes the installation process of the free SSL certificate on a CentOS 7 cloud server. From this point, data transmitted between Apache and the client will be encrypted, ensuring the security of network transmission.
23-02-2024 02:02:07
22-02-2024 03:19:32
22-02-2024 03:16:03
22-02-2024 03:14:03
22-02-2024 03:11:58