SSL encryption for your website is extremely important. It prevents man in the middle attacks, helps your page's SEO, and browsers like Firefox won't warn users that your site is insecure.
Best of all, you can get all these advantages for just a few minutes of your time. In this guide, we'll show you how to install Let's Encrypt on Centos 8, and how to use it to configure SSL encryption for your website. In a few steps, your site will become accessible via HTTPS, with HTTP links (optionally) redirecting to the secure protocol as well.In this tutorial you will learn:
- How to install Let's Encrypt
- How to configure Let's Encrypt SSL
|Category||Requirements, Conventions or Software Version Used|
|System||CentOS 8 Linux|
|Other||Privileged access to your Linux system as root or via the |
|Conventions|| # - requires given linux commands to be executed with root privileges either directly as a root user or by use of |
In this guide, we're assuming that you've already setup your website successfully. If not, we have some tutorials to help you get that done. Check out our guides for installing Apache on Centos 8 or installing NGINX on Centos 8.
Install Let's Encrypt
Certbot is a small software package that does all the complicated legwork for ordering, installing, and renewing certificates. It gets installed to facilitate certificates from Let's Encrypt, and it has the ability to parse Apache and NGINX configuration files to make the necessary changes for you.
Let's dive right into it by opening a terminal and typing the following commands to install certbot. We'll also cover the ordering of the SSL certificate and applying the necessary configuration.
- We need to use Snap package manager to install certbot. It's not included by default on CentOS, but certbot developers list it as the recommended approach for installing and maintaining certbot. Type the following commands to install Snap package manager.
$ sudo dnf install epel-release $ sudo dnf upgrade $ sudo yum install snapd $ sudo systemctl enable --now snapd.socket
- If Snap was already installed, ensure it's up to date.
$ sudo snap install core $ sudo snap refresh core
- Now we can install the certbot snap.
$ sudo snap install --classic certbot
- Next, prepare the certbot command.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
- Use certbot to get the SSL certificate. Specify
--nginxdepending on your web server. Other options are also available, but these are the two most common. We'll use Apache in this example.
$ sudo certbot --apache
- Certbot will ask you a few basic questions, like email address, domain names, etc. If you want HTTP links to automatically redirect to HTTPS, be sure to make the proper selection on the prompt that asks you about redirection.
That's all there is to it. Your website should now be accessible with
https://. Certbot will automatically renew the SSL certificates, and you can test this functionality with the following command.
$ sudo certbot renew --dry-run
In this guide, we saw how to use Let's Encrypt on CentOS 8 to secure a website with an SSL certificate. Let's Encrypt does an outstanding job of taking the complexities out of SSL certificates. Certbot proves easy to install and quietly makes sure that our SSL certificate stays active and protects our website and its users.
You may get the following error when trying to install certbot via Snap on CentOS 8.
$ sudo snap install --classic certbot error: cannot install "certbot": classic confinement requires snaps under /snap or symlink from /snap to /var/lib/snapd/snap
To fix this, use the following command to create a symbolic link, which will remedy the issue.
$ ln -s /var/lib/snapd/snap /snap