SSL encryption for your website is extremely important. It prevents man in the middle attacks, helps your page's SEO, and browsers like Firefox won't warn users that your site is insecure.

Best of all, you can get all these advantages for just a few minutes of your time. In this guide, we'll show you how to install Let's Encrypt on Centos 8, and how to use it to configure SSL encryption for your website. In a few steps, your site will become accessible via HTTPS, with HTTP links (optionally) redirecting to the secure protocol as well.

In this tutorial you will learn:
  • How to install Let's Encrypt
  • How to configure Let's Encrypt SSL
Lets Encrypt on CentOS 8
Lets Encrypt on CentOS 8
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System CentOS 8 Linux
Software Let's Encrypt
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

Prerequisites

In this guide, we're assuming that you've already setup your website successfully. If not, we have some tutorials to help you get that done. Check out our guides for installing Apache on Centos 8 or installing NGINX on Centos 8.


SUBSCRIBE TO NEWSLETTER
Subscribe to our NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


Install Let's Encrypt

Certbot is a small software package that does all the complicated legwork for ordering, installing, and renewing certificates. It gets installed to facilitate certificates from Let's Encrypt, and it has the ability to parse Apache and NGINX configuration files to make the necessary changes for you.

Let's dive right into it by opening a terminal and typing the following commands to install certbot. We'll also cover the ordering of the SSL certificate and applying the necessary configuration.

  1. We need to use Snap package manager to install certbot. It's not included by default on CentOS, but certbot developers list it as the recommended approach for installing and maintaining certbot. Type the following commands to install Snap package manager.
    $ sudo dnf install epel-release
    $ sudo dnf upgrade
    $ sudo yum install snapd
    $ sudo systemctl enable --now snapd.socket
    
  2. If Snap was already installed, ensure it's up to date.
    $ sudo snap install core
    $ sudo snap refresh core
    
  3. Now we can install the certbot snap.
    $ sudo snap install --classic certbot
    
  4. Next, prepare the certbot command.
    $ sudo ln -s /snap/bin/certbot /usr/bin/certbot
    


  5. Use certbot to get the SSL certificate. Specify --apache or --nginx depending on your web server. Other options are also available, but these are the two most common. We'll use Apache in this example.
    $ sudo certbot --apache
    
  6. Certbot will ask you a few basic questions, like email address, domain names, etc. If you want HTTP links to automatically redirect to HTTPS, be sure to make the proper selection on the prompt that asks you about redirection.

That's all there is to it. Your website should now be accessible with https://. Certbot will automatically renew the SSL certificates, and you can test this functionality with the following command.

$ sudo certbot renew --dry-run

Closing Thoughts

In this guide, we saw how to use Let's Encrypt on CentOS 8 to secure a website with an SSL certificate. Let's Encrypt does an outstanding job of taking the complexities out of SSL certificates. Certbot proves easy to install and quietly makes sure that our SSL certificate stays active and protects our website and its users.

Troubleshooting

You may get the following error when trying to install certbot via Snap on CentOS 8.

$ sudo snap install --classic certbot
error: cannot install "certbot": classic confinement requires snaps under /snap or symlink from /snap to /var/lib/snapd/snap

To fix this, use the following command to create a symbolic link, which will remedy the issue.

$ ln -s /var/lib/snapd/snap /snap
FIND LATEST LINUX JOBS on LinuxCareers.com
Submit your RESUME, create a JOB ALERT.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.