The following example demonstrates the steps to use an ACME client, certbot, to acquire and install certificates for an Apache HTTP Server instance on a CentOS 7 system.
- Install CentOS 7.
- This step and the steps that follow are done on the CentOS 7 system. Install Apache HTTP Server with
    sudo yum install httpd mod_ssl
- Enable and start the HTTP service.
    sudo systemctl enable httpd.service
    sudo systemctl start httpd.service
- Enable the EPEL repository.
    sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- Install certbot, an ACME client from the EPEL repository.
    sudo yum install certbot-apache
- Acquire SSL certificates from "Let's Encrypt", and install them on the Apache HTTP server.
    sudo certbot --apache
The certificates are set to expire in 90 days. Therefore, we need to set up automatic renewal, which can be done in a cron job, as shown below. However, before proceeding to schedule a renewal job, we can test the renewal via the following,
sudo certbot renew --dry-run
We now schedule the renewal job to run twice a day, as advised by the "Let's Encrypt" site.
"If you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks."
Following the advice, a cron job that runs twice a day is added via the following crontab entry,
0 5,17 * * * /bin/certbot renew > /var/log/certbot.log 2>&1
Note that this entry runs at minute 0; to follow the advice on selecting a random minute, replace the leading 0 with another minute of the hour.
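As an added example (not from the original page or from Let's Encrypt), the shell functions below build a twice-daily renewal entry whose minute is derived from the host name, and check that an existing entry runs twice a day. The certbot path and log file are those of the cron line above; the function names are hypothetical, and `>>` is used here so that each run appends to the log.

```shell
#!/bin/sh
# Added example: twice-daily certbot renewal entry with a per-host minute.
# Assumptions: /bin/certbot and /var/log/certbot.log come from the cron line
# on this page; the function names are hypothetical.

# Derive a stable number from a seed string (e.g. the host name) so the
# entry stays the same every time the script is re-run on the same host.
seed_number() {
    printf '%s' "$1" | cksum | cut -d ' ' -f 1
}

# Print a crontab line: minute 0-59 and first hour 0-11 are chosen from the
# seed; the second run is exactly 12 hours after the first.
renewal_cron_line() {
    n=$(seed_number "$1")
    minute=$(( n % 60 ))
    hour=$(( (n / 60) % 12 ))
    printf '%d %d,%d * * * /bin/certbot renew >> /var/log/certbot.log 2>&1\n' \
        "$minute" "$hour" "$(( hour + 12 ))"
}

# Return 0 if a crontab line has a numeric minute field (0-59) and an hour
# field listing exactly two hours separated by a comma; return 1 otherwise.
is_twice_daily() {
    set -f            # keep the "*" fields from being expanded as globs
    set -- $1         # split the line into its whitespace-separated fields
    set +f
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 59 ] || return 1
    case "$2" in
        *,*,*) return 1 ;;          # more than two hours listed
        *[!0-9,]*) return 1 ;;      # ranges, steps or "*" are not accepted
        [0-9]*,[0-9]*) return 0 ;;  # exactly two hours
        *) return 1 ;;              # a single hour
    esac
}

# Print the entry for this host; review it before adding it to root's crontab.
renewal_cron_line "$(uname -n)"
```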
To test your HTTPS site, you may use SSL Labs' service. For instance, if your site is
www.example.com, you can point your browser to
Besides certbot, there are many other ACME clients. See the Let's Encrypt site for a recommended list.