What is letsencrypt (LE)?
From the Let’s Encrypt website:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
Which browsers support the Let’s Encrypt CA?
Most modern browsers include the LE’s CA. For more info regarding LE’s certificates, please see this page https://letsencrypt.org/certificates/
How long are Let’s Encrypt certificates valid for?
Certificates are valid for 3 months at a time. This short expiry encourages issuing new certificates by an automated means. You can renew the certificate before the 3 months are up.
1. Install the letsencrypt certificate client, certbot:
Note; for CentOS 6, you’ll need to install certbot manually, https://certbot.eff.org/#centos6-apache
For CentOS 7, install certbot with yum using the EPEL repository.To install certbot with yum, you’ll need to ensure that you have the EPEL repository enabled.
yum install certbot -y
2. Configure letsencrypt certificate on CentOS Linux
In this example, we’ll assume:
- DNS is configured to point to the domain/subdomain that you are requesting a certificate for
- webserver and virtualhost is configured for the domain/subdomain
Retrieve certificate using the webroot authentication method:
certbot certonly --webroot -w <PATH_TO_YOUR_VIRTUALHOST> -d www.<YOUR_DOMAIN> -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS> --agree-tos
Once verified, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN>