Saturday, July 29, 2023

How to Secure http with LetsEncrypt in Centos7 | How to Secure http with LetsEncrypt in REdHat 7

Securing your website with Let's Encrypt on CentOS 7 involves a few steps. Let's walk through the process step-by-step:

  1. Prerequisites:

    • Make sure you have root access to your CentOS 7 server.
    • Ensure your domain is properly pointed to your server's IP address.

  2. Install Certbot: Certbot is a client application that helps you obtain and manage Let's Encrypt SSL certificates. Install Certbot with the EPEL repository: 

    bash
    yum install epel-release

    yum install certbot python2-certbot-apache

  3. Set Up Apache: If you're using Apache as your web server, you'll need to enable the required modules: 

    bash
    yum install httpd 
    systemctl start httpd

    systemctl     enable httpd

  4. Configure Firewall: Allow HTTP and HTTPS traffic through the firewall: 

    bash
    firewall-cmd --permanent --add-service=http

    firewall-cmd --permanent --add-service=https

    firewall-cmd --reload

  5. Obtain the SSL Certificate: Use Certbot to obtain an SSL certificate for your domain. Replace domain.com with your actual domain name: 

    bash
    certbot --apache -d domain.com -d www.domain.com

    Certbot will guide you through the process, and you may need to provide an email address for renewal notifications.

  6. Automate Certificate Renewal: Let's Encrypt certificates are valid for 90 days. To ensure your certificates are automatically renewed, set up a cron job: 

    bash
    crontab -e

    Add the following line to run the renewal check daily: 

    bash
    30 2 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renewal.log

  7. Update Apache Configuration: Certbot will automatically update your Apache configuration to use the SSL certificate. However, you might need to adjust your virtual host settings to include the following lines: 

    bash
    <VirtualHost *:443>

    ServerName domain.com

    ServerAlias www.domain.com

    DocumentRoot /var/www/html

    
    # SSL Configuration

    SSLEngine on

    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem

    
    # Other configurations as needed

    </VirtualHost>

  8. Restart Apache: After making any configuration changes, restart Apache to apply the new settings: 

    bash
    systemctl restart httpd

That's it! Your website should now be accessible over HTTPS with a valid SSL certificate from Let's Encrypt. Remember to periodically check your SSL certificate's expiration and ensure that the automatic renewal process is working correctly.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Installing Jenkins on RHEL 8 is a straightforward process. Here's a step-by-step guide

Introduction  Jenkins is an open-source automation server widely used for continuous integration (CI) and continuous delivery (CD) pipelines...