Setting up Let's Encrypt SSL for domains hosted on an Apache web server based on CentOS 7

Let's Encrypt has provided free SSL certificates for millions of domains over the years. This has been made possible by the support of large organizations through funding and donations.


I will take you through an easy way of getting SSL for your domains on CentOS 7. Take the steps outlined below:


First Step: Installation of Certbot which is a Let's Encrypt Client

To obtain an SSL certificate from Let's Encrypt for the Apache web server, you need its client, "Certbot", as well as "mod_ssl", an Apache module that supports the SSL v3 encryption layer.


By default, the certbot package is not available in the CentOS package manager. Therefore, you need to activate the EPEL repository in order for Certbot to be installed.


To enable it, use the following command:

sudo yum install epel-release


As soon as the EPEL repository is active, you can proceed with installing the packages required to get Certbot working. Use the following command to do this:

sudo yum install certbot python2-certbot-apache mod_ssl



While installing, you will be prompted to import the GPG key. The GPG key is used to check the authenticity of the packages you are installing. To allow the installation to go through, type yes or "y" to continue.


When the packages are successfully installed, you can use Certbot to request an SSL certificate for your domain.



Second Step: Requesting an SSL Certificate

Now that Certbot is installed, it can be used to request an SSL certificate from Let's Encrypt for your domain. Supposing your domain name is "domain.com", use the command below to make this request:


sudo certbot --apache -d domain.com



For multiple domains, such as the accompanying subdomains "www.domain.com" and "subdomain.domain.com", use the command below instead:

sudo certbot --apache -d domain.com -d www.domain.com -d subdomain.domain.com


When the request is processed successfully, you will see a message stating that the SSL request from Let's Encrypt was successful.


All the certificate files generated by this process are placed in a sub-directory named after the domain, located in the /etc/letsencrypt/live directory.




Third Step: Auto Renewal configuration for the SSL Certificate

Let's Encrypt certificates are valid for only 90 days and expire if no action is taken to renew them. Renewing manually can be tedious, so the best practice is to set up automatic renewal using the built-in cron system.


To achieve this, edit the crontab by running the following command:

sudo crontab -e


Then add the following line to the crontab:


0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew


After adding, you can now save it and exit the crontab.
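
A check to run alongside the cron job above, as an added example that is not part of the original article: it reports the days left on every certificate under /etc/letsencrypt/live, so a renewal job that has silently stopped working is noticed before the 90 days run out. The function names, the script name check_certs.sh and the 21-day threshold are assumptions; GNU date and openssl are required.

```shell
#!/bin/sh
# Added example (not from the article): report days left on each certificate
# under a Certbot "live" directory. Needs GNU date and openssl.

# days_until "<date>": whole days from now until <date>; status 2 if unparsable.
days_until() {
    [ -n "$1" ] || return 2
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now=$(date -u +%s)
    echo $(( (end - now) / 86400 ))
}

# cert_not_after <pem file>: the certificate's expiry date, taken from
# openssl's "notAfter=<date>" line.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_live_dir <live dir> <min days>: one status line per certificate.
# Returns 1 if any certificate is unreadable or has fewer than <min days> left.
check_live_dir() {
    live=$1 min=$2 rc=0
    for pem in "$live"/*/cert.pem; do
        [ -e "$pem" ] || continue      # nothing issued yet
        name=$(basename "$(dirname "$pem")")
        if ! left=$(days_until "$(cert_not_after "$pem")"); then
            echo "ERROR $name: cannot read expiry from $pem"; rc=1; continue
        fi
        if [ "$left" -lt "$min" ]; then
            echo "WARN  $name: $left days left, renewal may be failing"; rc=1
        else
            echo "OK    $name: $left days left"
        fi
    done
    return $rc
}

# Certbot by default renews once a certificate is within 30 days of expiry,
# so fewer than 21 days left (an assumed threshold) points to failed renewals.
# Usage: sudo sh check_certs.sh /etc/letsencrypt/live 21
if [ $# -eq 2 ]; then check_live_dir "$1" "$2"; fi
```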



SSL is very important as it enhances trust and also helps Google rank your website higher in its search engine. It is therefore good for your business. Our Server Experts do professional SSL installation services.


Let's Encrypt has gained popularity because it offers free SSL for millions of websites all over the world. It is a non-profit certificate authority run by the Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption free of charge. The certificate is usually valid for 90 days, after which it expires unless it is renewed.