Menu

How to Install Let’s Encrypt (Certbot) on CentOS 8

Written by , Updated on September 11, 2020

The Certbot is a command line utility for getting free SSL certificates from Let’s Encrypt certificate authority. It allows you to request a new SSL certificate, do the authorization and configure your web server for SSL settings. You can also obtain SSL certificates for other services like Mail servers, proxy and VPN servers.

This tutorial help you to install Let’s Encrypt client on CentOS 8 Linux system.

Prerequisites

Before installing Certbot on CentOS 8, You must fulfill:

  • A CentOS 8 Linux system with sudo user access.
  • Apache (HTTP) web server with virtual host configured with a domain.
  • Domain or sub-domain must be pointed to web server IP address.

Step 1 – Enabling EPEL Repo

The EPEL repository contains updated certbot packages for the rpm based systems. You’ll need to enable the EPEL (Extra Packages for Enterprise Linux) repository on your system using the following commands:

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm 
sudo dnf config-manager --set-enabled PowerTools

Step 2 – Installing Certbot

Certbot is available as RPM package for the installation on CentOS 8 system. You can install it directory from EPEL repository, which you already have enabled on your system.

Open a terminal and execute below command to install certbot:

sudo dnf install certbot python3-certbot-apache 

sudo dnf install certbot python3-certbot-nginx

Step 3 – Request a New SSL Certificate

Now, You can request SSL certificates from Let’s encrypt based on the web server.

  1. Apache (HTTPD) – The systems running Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select appropriate numbers to request certificate.
    sudo certbot --apache
  2. Nginx – The systems running with Nginx web server, use below command to request for the SSL certificates.
    sudo certbot --nginx
  3. Get Certificate Only – If you are feeling insecure with the default SSL configuration, you can get the certificate only with creating configuration. The create the virtual host manually.
    sudo certbot certonly --apache 
sudo certbot certonly --nginx

In all of the above cases, the domain must be pointed to your server from dns. Also insure that /.well-known/acme-challenge are served by the webserver.

Step 4 – Test SSL Setup

Once the SSL certificate is installed on the web server, visit https://your-domain.com/ in a web browser and look for the SSL lock icon in the URL bar. You can also do a security scan for the SSL setup on https://www.ssllabs.com/ssltest/.

Verify lets encrypt SSL

Step 5 – Renew Existing SSL Certificate

All the certificates issued by Let’s encrypt care valid for 3 months only. It allows you to renew a certificate before 30 days or less of expiry. The Certbot utility allows you to renew SSL with single command line. You can also schedule this in a cronjob.

Run the below command to renew all the certificates on that system.

sudo certbot renew

You can also do a dry run without actual renewal of the certificate. With this you can verify if SSL renewal will work if scheduled with cronjob.

sudo certbot renew --dry-run

Conclusion

In this tutorial, you have learned to install certbot on CentOS 8 Linux system. Also helped you to create new certificates for your web servers.

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

Leave a Reply

© 2013-2020 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy