How to setup Let’s Encrypt in CentOS 6 and CentOS 7
Setting up SSL is a costly, and often tedious process.
A decent 2048-bit certificate costs at least $149/yr, and requires the webmaster to generate a CSR, submit it to the CA, reconfigure the web server, and troubleshoot any errors.
It’s then no surprise that many webmasters choose not to get an SSL. But such websites are more susceptible to web-based attacks, and contributes to an insecure internet.
Internet Security Research Group, a non-profit organization came up with a solution – Free certificates with automated provisioning. Towards this goal they setup an Open Certificate Authority called Let’s Encrypt.
How Let’s Encrypt works
With traditional Certificate Authorities, a webmaster proves their ownership of a domain by generating a CSR with their domain name, and by using a verifiable email ID.
Let’s Encrypt simplified this process by automating the domain validation.
A client program in your server takes over the role of the webmaster. It then proves to the Let’s Encrypt Certificate server that it can modify the domain contents, and generate a CSR for the domain name. It goes something like this:
Setting up Let’s Encrypt in CentOS 6 and CentOS 7
Let’s Encrypt recommends many client programs that are compatible with CentOS.
We feel CertBot from the non-profit Electronic Frontier Foundation is a good tool – if used correctly. Let’s get to that.
1. Update your system
CertBot needs a lot of packages in it’s latest version for it’s proper functioning. So, first off, update all your packages with:
# yum -y update
Then, install the EPEL (Extra Packages for Enterprise Linux) repository, to provide the latest Python packages for CertBot.
# yum -y install epel-release
Note : If your server is custom configured, an upgrade might break your website. If you suspect something like that, consult a server expert.
2. Get CertBot from EFF
CertBot is available in CentOS 7 EPEL repositories. So, if you’re on CentOS 7, install CertBot with:
# yum -y install python-certbot-apache
If you are on CentOS 6, download and make the program executable by:
# wget https://dl.eff.org/certbot-auto # chmod 755 certbot-auto
[ Managing your web server infrastructure doesn’t have to be hard, or costly. Get world class server administration services at affordable pricing. ]
Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.