Obtain SSL Certificate (Let's Encrypt)
Install the latest open ssl
# certbot certonly --webroot -w /var/www/html/[domain name] -d [domain name]
# Specify an email address to receive
Enter email address (used for urgent notices and lost key recovery)
<Administrator's email address>
< OK > <Cancel>
Please read the Terms of Service at
You must agree in order to register with the ACME server at
<Agree > <Cancel>
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/[domain name]/fullchain.pem. Your cert will
expire on 2022-01-27. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
#If [Congratulations] is displayed, it succeeds.
# The following certificate has been obtained under [/etc/letsencrypt/live/[domain name]/] as described in the message
# cert.pem ⇒ SSL server certificate (including public key)
# chain.pem ⇒ intermediate certificate
# fullchain.pem ⇒File containing cert.pem and chain.pem combined
# privkey.pem ⇒ private key
2.Automatic renewal of certificates (Let's Encrypt)
Test the automatic update with the following --dry-run option.
With this option, certificates are not renewed, only checked, so there is no need to worry about getting stuck with a limit on the number of times a certificate can be obtained.
# On the first day of each month, at 3:00 a.m.
#Execute "/usr/bin/certbot renew" as "root" user
# Restart web server "apache"
00 03 01 * * root /usr/bin/certbot renew && /usr/sbin/service apache2 restart
Apache https conversion
Install the following just in case
1. Edit ssl.conf file
●Line 59 : Uncomment change
DocumentRoot "/var/www/html/<domain name>"
●Line 60 : Uncomment change
ServerName <omain name>:443
●Line 101 : Comment out and add under it
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/letsencrypt/live/<omain name>/cert.pem
●Line 109 : Comment out and add under it
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/letsencrypt/live/<omain name>/privkey.pem
●Line 119 : add
SSLCertificateChainFile /etc/letsencrypt/live/<omain name>/chain.pem
# firewall-cmd --reload