HowTo set up a Let's Encrypt SSL Certificate on CentOS 7

Install

Install Git if it is not installed already, then run the following commands:

# git clone https://github.com/letsencrypt/letsencrypt
# cd letsencrypt

To install and run the client you just need to type:

# ./letsencrypt-auto

To get basic help, type:

# ./letsencrypt-auto --help

Generating the SSL Certificate

# ./letsencrypt-auto certonly --standalone --email jk@mo.homelinux.net -d mo.homelinux.net

You will get a notice that everything has been completed and where you can find your SSL certificates.

To view your SSL certificates:

# cd /etc/letsencrypt/live/mo.homelinux.net
# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem

Configure Apache to Use LetsEncrypt SSL Certificates

Modify the following lines in your vhost and set them with the correct values:

SSLCertificateFile      /etc/letsencrypt/live/mo.homelinux.net/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/mo.homelinux.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mo.homelinux.net/chain.pem

Renewing a Certificate

As of version 0.4.0, the letsencrypt Python client supports a high-level renew subcommand that attempts to renew all of your certs using the same settings that you originally used to obtain them.

You can use the following script as a cron job for automatic renewal of your certificates:

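#!/bin/bash
# The standalone plugin binds the HTTP/HTTPS ports itself, so Apache must be stopped first.
service httpd stop
# -n: run non-interactively, -vv: verbose output (captured in the log file)
if ! /opt/letsencrypt/letsencrypt-auto renew -nvv --standalone --agree-tos > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo "Automated renewal failed:"
    cat /var/log/letsencrypt/renew.log
fi
# Start Apache again whether or not the renewal succeeded.
service httpd start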

Adapt it to your needs if you're not using the standalone plugin.
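
The cron script above stops Apache on every run, even when no certificate is due. The following variant is an added example, not part of the original page: it stops httpd only when cert.pem is within a threshold of expiry and afterwards checks that the renewed certificate still matches privkey.pem. The 30-day threshold, the function names and the --run switch are assumptions; paths and domain are the ones used on this page.

```bash
#!/bin/bash
# Added example, not from the original page. Paths and domain are the page's;
# RENEW_DAYS, the function names and the --run switch are assumptions.
LIVE_DIR="/etc/letsencrypt/live/mo.homelinux.net"
LE_AUTO="/opt/letsencrypt/letsencrypt-auto"
LOG="/var/log/letsencrypt/renew.log"
RENEW_DAYS=30

# Succeeds if certificate $1 expires within $2 days or cannot be read/parsed.
needs_renewal() {
    local cert="$1" days="$2"
    [ -r "$cert" ] || return 0
    # -checkend exits 0 while the cert is still valid that many seconds ahead
    if openssl x509 -in "$cert" -noout -checkend "$(( days * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Succeeds if private key $2 carries the same public key as certificate $1.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

renew_if_due() {
    # Not due yet: leave Apache running, no downtime.
    needs_renewal "$LIVE_DIR/cert.pem" "$RENEW_DAYS" || return 0
    service httpd stop
    trap 'service httpd start' EXIT   # Apache comes back even if renewal fails
    if ! "$LE_AUTO" renew -nvv --standalone --agree-tos > "$LOG" 2>&1; then
        echo "Automated renewal failed:"
        cat "$LOG"
        return 1
    fi
    if ! key_matches_cert "$LIVE_DIR/cert.pem" "$LIVE_DIR/privkey.pem"; then
        echo "Renewed cert.pem does not match privkey.pem"
        return 1
    fi
}

# Cron entry point: run as "<script> --run"; sourcing it only defines functions.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```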
