How to Install SSL Certificate on CentOS 7


   

How to Install SSL Certificate with Let's Encrypt


   

Let's Encrypt offers a free SSL certificate. Let's see how to install it on your server.

   

Important! We're using "ellohost-dev-9.xyz" as our test site, but you need to replace it with your site's name.


   

We recommend checking the system first to ensure it's up to date:

   
yum -y update
   

Next, you'll need mod_ssl to configure Let's Encrypt:

   
yum -y install mod_ssl
   

Now, configure Apache by creating a document root folder for the website:

   
mkdir /var/www/ellohost-dev-9.xyz

   

A virtual host config file is required at this step. You can create it with nano and enter the following lines:

   
nano /etc/httpd/conf.d/ellohost-dev-9.xyz.conf
   

In nano, enter this code:

   
<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/ellohost-dev-9.xyz"
ServerName ellohost-dev-9.xyz
ServerAlias www.ellohost-dev-9.xyz
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>

   

Change the owner of the /var/www/ellohost-dev-9.xyz directory to the Apache user so the web server can access it:

   
chown -R apache:apache /var/www/ellohost-dev-9.xyz

   

Certbot Installation


   

Before installing Certbot, ensure that the EPEL repository is activated by entering this command:

   
yum -y install epel-release
   

Next, install yum-utils:

   
yum -y install yum-utils
   

Only then can you install Certbot for Apache:

   
yum -y install certbot-apache

   

After installing Certbot, run it:

   
certbot
   

A prompt will ask you for the names you want to activate HTTPS on:

   
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: ellohost-dev-9.xyz
2: www.ellohost-dev-9.xyz
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

   

Simply press Enter to activate HTTPS for both ellohost-dev-9.xyz and www.ellohost-dev-9.xyz.


   

Another prompt will appear:

   
Choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect – Make no further changes to the web server configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

   

Select number 2 to redirect both your website names to HTTPS.


   

If the process is done correctly, you should see the following output:

   
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://ellohost-dev-9.xyz and https://www.ellohost-dev-9.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze....-dev-9.xyz
https://www.ssllabs.com/ssltest/analyze....-dev-9.xyz
-------------------------------------------------------------------------------

   

Automatic Certificate Renewal


   

An advantage of using Let's Encrypt is that you can set up automatic certificate renewal.


   

To set up automatic renewal, enter the following command:

   
export EDITOR=/bin/nano
   

This sets nano as the default editor and allows you to edit the crontab:

   
crontab -e
   

In fact, Let's Encrypt suggests that the automatic renewal cron job runs twice a day. To do so, paste this command and save the crontab:

   
0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

   

How to Install SSL Certificate With Comodo


   

COMODO SSL is a paid SSL certificate provider. With it, users can choose to encrypt their server traffic. Here's how to install it on CentOS 7:


   

Download the Intermediate (ComodoRSACA.crt) and Primary Certificate (domain_name.crt) and copy them to the directory on the server that will store your certificate and key files.


   

Find the Apache config file. Usually, the filename is httpd.conf or apache2.conf. Common locations for the file are either /etc/httpd/ or /etc/apache2/. If it can't be found, the alternative is to search using grep by typing the following command:

   
grep -i -r "SSLCertificateFile" /etc/httpd/

   

Important! Change /etc/httpd/ to your base directory of Apache installation.


   

If you want to enable SSL on your server, configure it in your <VirtualHost> block by pasting the following lines into it:

   
<VirtualHost 31.220.62.130:443>
DocumentRoot /var/www/ellohost-dev-9.xyz
ServerName www.ellohost-dev-9.xyz
SSLEngine on
SSLCertificateFile /var/www/ellohost-dev-9.xyz.crt
SSLCertificateKeyFile /var/www/your_private.key
SSLCertificateChainFile /var/www/ComodoRSACA.crt
</VirtualHost>

   

31.220.62.130: change this to your server IP Address

   

SSLCertificateFile needs to be changed to your COMODO certificate file (for example, domain_name.crt)

   

SSLCertificateKeyFile is the generated key file when you created the CSR (Certificate Signing Request)

   

SSLCertificateChainFile is the COMODO intermediate certificate file (ComodoRSACA.crt)


   

It's important to check your Apache config file before restarting. If there's a syntax error, Apache may not start at all. You can type this command to ensure everything is fine:

   
apachectl configtest

   

After everything is checked, restart Apache with SSL support:

   
apachectl stop
   

and then

   
apachectl start
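
The script below is an added example, not part of the original post. It covers two points in the guide: the renewal cron job discards all output, so a failed renewal is silent, and the manual Comodo install depends on the key, certificate and file locations lining up before Apache is restarted. The function names are hypothetical, and it assumes openssl plus GNU stat and readlink are installed.

```shell
#!/usr/bin/env bash
# Added example: checks to run on a certificate/key pair before restarting Apache.
# All paths are supplied by the caller; none are taken from certbot or Comodo tooling.

# Succeeds when the certificate's public key equals the one derived from the key file.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when CERT is still valid DAYS days from now (default 30).
cert_valid_for() {     # usage: cert_valid_for CERT [DAYS]
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeeds when KEY grants no permissions to group or others (e.g. mode 600 or 400).
key_is_private() {     # usage: key_is_private KEY
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds when FILE is not stored under DOCROOT, where Apache could serve it.
outside_docroot() {    # usage: outside_docroot FILE DOCROOT
    local file root
    file=$(readlink -f "$1") && root=$(readlink -f "$2") || return 2
    case "$file" in "$root"/*) return 1 ;; *) return 0 ;; esac
}

# Runs every check, prints each failure, and returns the number of failed checks.
check_tls_files() {    # usage: check_tls_files CERT KEY DOCROOT
    local failures=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; failures=$((failures + 1)); }
    cert_valid_for "$1" 30 || { echo "FAIL: certificate expires within 30 days"; failures=$((failures + 1)); }
    key_is_private "$2" || { echo "FAIL: key is accessible to group or others"; failures=$((failures + 1)); }
    outside_docroot "$2" "$3" || { echo "FAIL: key is stored inside DocumentRoot"; failures=$((failures + 1)); }
    return "$failures"
}

# Run directly as: ./check_tls_files.sh CERT KEY DOCROOT
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

A non-zero exit status is the number of failed checks, so the script can gate apachectl start or run from cron with its output mailed instead of discarded.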
