Let’s Encrypt is a free, automated, and open Certificate Authority (CA) that provides SSL/TLS certificates to secure websites and other applications. In this article, we will learn how to install Certbot on RHEL & CentOS 9.
Prerequisites
- A running instance of RHEL or CentOS 9
- A user with root or sudo privileges
Step 1: Update the System
Before installing any new package, it is recommended to update the system to the latest available version. Use the following command to update your system:
sudo dnf update -y
Step 2: Enable EPEL Repository
Certbot is not available in the default CentOS repository, so we need to enable the EPEL repository. Use the following command to install the EPEL repository:
sudo dnf install epel-release -y
Step 3: Install Certbot
After enabling the EPEL repository, we can now install Certbot using the following command:
sudo dnf install certbot -y
Step 4: Obtain SSL Certificate
To obtain an SSL certificate from Let’s Encrypt, we need to run the following command:
sudo certbot certonly --standalone -d example.com
Replace example.com with your own domain name. This will start the certificate issuance process, and after a successful run, you will get the SSL certificate.
Step 5: Configure SSL Certificate
Now that we have obtained the SSL certificate, we need to configure our web server to use the SSL certificate. Here, we will use Apache as an example.
Use the following command to edit the Apache configuration file:
sudo nano /etc/httpd/conf.d/ssl.conf
Add the following lines in the configuration file, replacing example.com with your own domain name:
1 2 3 4 | SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem |
Save the file and restart Apache to apply the changes:
sudo systemctl restart httpd
Step 6: Renew SSL Certificate
Let’s Encrypt SSL certificates are valid for only 90 days, so it is important to renew them regularly. You can renew the SSL certificate using the following command:
sudo certbot renew
This command will check if the certificate is due for renewal and renew it if necessary. You can also set up a cron job to automatically renew the certificate.
Conclusion
In conclusion, we have learned how to install the Let’s Encrypt SSL certificate (Certbot) on RHEL & CentOS 9 and how to obtain, configure, and renew the SSL certificate. This will secure your website and make it accessible over HTTPS, providing a secure and encrypted connection to your users.