How to use Letsencrypt Free SSL Certificate on CentOS Linux

What is letsencrypt (LE)?

From the Let’s Encrypt website:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

Which browsers support the Let’s Encrypt CA?

Most modern browsers include the LE’s CA. For more info regarding LE’s certificates, please see this page

How long are Let’s Encrypt certificates valid for?

Certificates are valid for 3 months at a time. This short expiry encourages issuing new certificates by an automated means. You can renew the certificate before the 3 months are up.

Installing letsencrypt

1. Install the letsencrypt certificate client, certbot:

Note; for CentOS 6, you’ll need to install certbot manually,

For CentOS 7, install certbot with yum using the EPEL repository.To install certbot with yum, you’ll need to ensure that you have the EPEL repository enabled.

yum install certbot -y

2. Configure letsencrypt certificate on CentOS Linux

In this example, we’ll assume:

  • DNS is configured to point to the domain/subdomain that you are requesting a certificate for
  • webserver and virtualhost is configured for the domain/subdomain

Retrieve certificate using the webroot authentication method:

certbot certonly --webroot -w <PATH_TO_YOUR_VIRTUALHOST> -d www.<YOUR_DOMAIN> -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS> --agree-tos

Once verified, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN>

Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!