How to Install free Let’s Encrypt SSL for Apache Webserver on CentOS 7

In this article, you will know how to install an SSL certificate on CentOS 7.

SSL (Security Socket Layer) is a web protocol used to protect traffic to the server through encryption.

Typically, e-commerce or online financial services need this protocol because they often store sensitive information, like credit cards.

However, SSL certificates have now become a common standard for all websites, to protect user’s confidential data, like login information, social security numbers, ID cards, and more.

Fortunately, you can get a completely free and easy SSL certificate from the provider Let’s Encrypt, and we will guide you through installing SSL for Apache Webserver on a CentOS 7 server in this article.

Install Let's Encrypt for Apache on CentOS 7

How to install Let’s Encrypt SSL certificate for Apache on CentOS 7

You will need to reread how to access the Server’s SSH using Putty if you forgot.

Let’s Encrypt provides everyone with a completely free SSL certificate. Let’s see how to install it on Apache Webserver running CentOS 7 below.

Step 1: To get started you will need to update your system first with the following command

yum -y update

Step 2: Install mod_ssl to configure Let’s Encrypt

yum install -y mod_ssl

Step 3: Install EPEL repository and yum-utils

yum –y install epel-release yum-utils

Step 4: install Certbot for apache

yum –y install certbot-apache

Step 5: Install SSL


We need to go to the /etc/letsencrypt/live/{domain} directory to check the files containing the SSL key and certificate.

How to set up for automatic certificate renewal

By default, Let’s Encrypt is only valid for 90 days from the date of registration. So automatic certificate renewal is very important because if you forget it, the SSL certificate will expire. Therefore we need to set it to automatically renew when it is almost expired.

Step 1: Run the command below to check the renewal process manually

certbot renew –dry-run

This command will check for renewal of the current certificate if the certificate is less than 30 days from the expiration date.

Step 2: Adjust the cronjob to be able to run the auto-renew check command

acrontab -e

Add below line in cronjob

0 0 15 * * /usr/bin/certbot renew >/dev/null 2>&1

Thus, the above cronjob will automatically renew at 00:00 on the 15th of every month, you will not need to worry about forgetting to renew the certificate when it is almost expired.

Good luck!

You May Also Like
About the Author: Anh
Blogger at

Leave a Reply

Your email address will not be published. Required fields are marked *