The security of data transmission on the internet is a vital issue when you have a website. One of these is the generation of TLS/SSL certificates for your server and therefore for accessing your website. Doing so may sound quite complicated but today we will show you that it can be a simple process without so many headaches. So, in this post, you will learn how to Install Let’s Encrypt (Certbot) on CentOS 8
There are a few things you might be confused about, so before we get started we need to clarify a few things.
First of all, we have Let’s Encrypt. According to their website:
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
Therefore, thanks to them we will be able to generate security certificates for our websites. Best of all, it is free and transparent. This makes it ideal for small and educational projects.
However, Let’s Encrypt works with some clients that allow us to make this process even more automatic. One of these clients is
cerbot which we can install and use to generate certificates without any problems.
Therefore, we can say that Certbot is a client for the use of Let’s Encrypt. The project’s website defines it as follows:
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
So with Certbot installed we can take advantage of Let’s Encrypt.
Despite being a vital tool for many, Certbot is not in the CentOS 8 repositories. But this does not make installation complicated because it is available in the EPEL repository.
So, first, open a terminal or connect via SSH to your server. Then, update it.
sudo dnf update
Note: If you don’t have
sudo then you will have to run these commands as root.
This way we will have the system ready for installation.
Now, add the EPEL repository to the system by installing a package called
epel-release from the official CentOS 8 repository
sudo dnf install epel-release
After the EPEL repository is successfully added, you can start installing Certbot.
Now, Certbot integrates via plugins with the webserver you have installed. In this post, we will use the popular Apache as an example.
So, we have to install Certbot, its Apache plugin, and an Apache module called
mod_ssl to do so, run
sudo dnf install certbot python3-certbot-apache mod_ssl
The installation shouldn’t take long because they are lightweight packages.
Now the process of installing the new certificate is quite simple, just run this command.
sudo certbot --apache -d [your-domain]
As we can see, the parameter that specifies the domain is
-d, and together with your domain as follows.
sudo certbot --apache -d imaginelinux.com
Also, you can specify multiple domains in a single command. To do this, you just have to point to multiple
-d domains along with their domains.
sudo certbot --apache -d imaginelinux.com -d www.imaginelinux.com
After you have executed the command, you will be presented with an output screen in the terminal where you will have to specify an email address. After this, the script will continue to run until you see a congratulations message.
Now, all you have to do is restart Apache for everything to take effect.
sudo systemctl restart httpd
For this whole process to go smoothly, you’ll want to create a VirtualHost for your site and add the
ServerName directive to it.
Let’s Encrypt certificates are valid for 90 days, so you need to keep an eye on them. To renew it, just run the following command:
sudo certbot renew
Although we can do a simulation of this process by adding
dry-run to it
sudo certbot renew --dry-run
A good practice is to add a task to the cron where you can do this smoothly and automatically.
echo "0 0,12 * * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
In this case, it is done twice a day as recommended by Cerbot. But this is optional.
If for some reason, you need to uninstall it from the system, you can do so via the package manager.
sudo dnf remove certbot python3-certbot-apache
This will remove Certbot from the system.
Thanks to this post, you now know how to install and configure Let’s Encrypt (Certbot) on centOS 8 quickly and easily. We have also shown you how to generate the certificate as well as how to renew it automatically thanks to Cron.
Help us to grow by sharing this post. Also, you can leave a comment leaving your experiences with this tool.