Apache - Webserver with SSL (CentOS 7)

In this article, I describe how to set up Apache with SSL and a Let's Encrypt (letsencrypt) certificate on CentOS 7. In another article I showed you how to achieve this scenario on Debian 9.

Let's Encrypt is a CA offering free certificates. Unlike e.g. CaCert, the Let's Encrypt root certificates are already preinstalled in the popular web browsers. The certificates are valid for 3 months and then have to be renewed.

Installation on CentOS 7

Let's start installing the Apache webserver:

# apt-get install httpd

After this you have to install the EPEL repository and the certbot:

# yum install epel-release
# yum install certbot-apache

Detailed installation instructions for various Linux distributions can be found at certbot.eff.org.

Configuration of the Hostname

The hostname is set in the file /etc/httpd/conf/httpd.conf:

ServerName myhost.karl-deutsch.at

Restart the webserver after you changed the textfile:

# systemctl restart httpd

Configuration of Let's encrypt

The configuration is done with this command:

# certbot --apache

You have to answer some questions. Then restart the web server and the new certificate will be active:

# systemctl restart httpd

If you want, you can run the ssl-check on www.ssllabs.com. The result could be similiar to this screenshot:

Renewal of the Certificate

Every 3 months you have to renew the certificate. This is done manually with this command:

# certbot renew
Go to top