Saturday, July 29, 2023

How to Secure HTTP with Let's Encrypt on CentOS 7 | How to Secure HTTP with Let's Encrypt on Red Hat 7

Securing your website with Let's Encrypt on CentOS 7 involves a few steps. Let's walk through the process step-by-step:

  1. Prerequisites:

    • Make sure you have root access to your CentOS 7 server.
    • Ensure your domain is properly pointed to your server's IP address.

  2. Install Certbot: Certbot is a client application that helps you obtain and manage Let's Encrypt SSL certificates. Install Certbot from the EPEL repository:

    yum install epel-release
    yum install certbot python2-certbot-apache
  3. Set Up Apache: If you're using Apache as your web server, install it, start it, and enable it so that it starts at boot:

    yum install httpd
    systemctl start httpd
    systemctl enable httpd
  4. Configure Firewall: Allow HTTP and HTTPS traffic through the firewall:

    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
  5. Obtain the SSL Certificate: Use Certbot to obtain an SSL certificate for your domain. Replace domain.com with your actual domain name:

    certbot --apache -d domain.com -d www.domain.com

    Certbot will guide you through the process, and you may need to provide an email address for renewal notifications.

  6. Automate Certificate Renewal: Let's Encrypt certificates are valid for 90 days. To ensure your certificates are automatically renewed, set up a cron job:

    crontab -e

    Add the following line to run the renewal check daily:

    30 2 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renewal.log
  7. Update Apache Configuration: Certbot will automatically update your Apache configuration to use the SSL certificate. However, you might need to adjust your virtual host settings to include the following lines:

    <VirtualHost *:443>
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /var/www/html
        # SSL configuration
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
        # Other configurations as needed
    </VirtualHost>
  8. Restart Apache: After making any configuration changes, restart Apache to apply the new settings:

    systemctl restart httpd

That's it! Your website should now be accessible over HTTPS with a valid SSL certificate from Let's Encrypt. Remember to periodically check your SSL certificate's expiration and ensure that the automatic renewal process is working correctly.
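
One way to do that periodic check, as an added example that is not part of the original post: the script reads the certificate's notAfter date with openssl and reports RENEWAL_OVERDUE when fewer than 25 days remain, which should not happen while the daily cron job works, because certbot renew replaces certificates once they are within 30 days of expiry. The function names and the 25-day threshold are assumptions chosen for illustration, and the script relies on GNU date as shipped with CentOS 7.

```bash
#!/bin/bash
# Added example (not from the original post). Function names and the
# 25-day threshold are illustrative assumptions. Requires GNU date and openssl.

# seconds_left "<notAfter=... line>" [now_epoch]
# Prints seconds until expiry (zero or negative once expired).
seconds_left() {
    local end now
    now=${2:-$(date +%s)}
    # openssl prints e.g. "notAfter=Oct 27 00:00:00 2023 GMT"; drop the prefix.
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    echo $(( end - now ))
}

# renewal_status <seconds_left> [min_days]
# certbot renew replaces a certificate within 30 days of expiry, so with a
# working daily cron job the remaining lifetime never drops below min_days.
renewal_status() {
    local min_days=${2:-25}
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( min_days * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# check_cert <pem file>: prints one status line, returns 0 only when OK.
check_cert() {
    local not_after left status
    not_after=$(openssl x509 -enddate -noout -in "$1") || return 2
    left=$(seconds_left "$not_after") || return 2
    status=$(renewal_status "$left")
    echo "$1: $status ($(( left / 86400 )) days left; $not_after)"
    [ "$status" = OK ]
}

# Usage: ./check_cert.sh /etc/letsencrypt/live/domain.com/fullchain.pem
if [ $# -gt 0 ]; then
    check_cert "$1"
fi
```

Scheduled from cron after the renewal job, the non-zero exit status for RENEWAL_OVERDUE or EXPIRED can drive an alert.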
