How To Add SSL Certificate on Centos 8
Software Developer (Full Stack) with 4 years of experience building scalable web applications across frontend and backend. Focused on performance, security, and clean architecture. Skilled in troubleshooting, agile collaboration, and delivering production-ready solutions. Driven by continuous learning and delivering high-value, user-centric solutions.
Why We Need SSL?
SSL certificates are required for websites in order to protect user data, validate website ownership, prevent attackers from creating a false version of the site, and transmit trust to users.
What is Certbot?
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
source: certbot
Prerequisites
Server with CentOS 8
Apache is installed on the server with the configured virtual host for your domains.
Step 1 - Installing the Certbot Client
Add the CentOS 8 EPEL repository
$ sudo dnf install epel-release
Now Install Certbot with the required packages python3-certbot-apache and mod_ssl
$ sudo dnf install certbot python3-certbot-apache mod_ssl
Step 2 - Getting a Certificate
To obtain a certificate that covers only one domain
$ sudo certbot --apache -d example.com
To obtain a certificate that covers multiple domains
$ sudo certbot --apache -d www.example.com -d example.com
You can also use certbot utility prompt
$ sudo certbot --apache
#Output
Successful Installation output will be something similar to this
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2022-01-26. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to E
FF: https://eff.org/donate-le
Step 3 - Testing
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
Conclusion
We learned how to install a free SSL certificate on your domain in a very basic and straightforward manner.
