Table of Contents
In this article, I will explain in detail how to install let’s encrypt(Certbox) on RHEL/CentOS Using 10 Easy Steps. To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol which typically runs on your web host. More info can be checked on Let’s Encrypt Official website.
Certificate can be issued by two different ways: one way is by using shell access and another way is without using shell access. Those who want to use shell like Bash shell in Linux to generate and install SSL Certificate, it is recommended for them to use the Certbot client tool.
Install Let’s Encrypt(Certbot) on RHEL/CentOS 8
Also Read: 6 Easy Steps to Install dig and nslookup Command on RHEL/CentOS 8
Step 1: Prerequisites
a) You need to have a running RHEL/CentOS 8 Server.
b) You should have dnf tool installed in your Server. You can check 31 Useful DNF Command Examples for RPM Package Management in Fedora/RHEL/CentOS to know more about dnf command.
c) You should have sudo access to run privileged commands. You can Check How to Add User to Sudoers to know more about providing sudo access to the User.
d) You need have a running Apache web server or Nginx web server. Here we are going to use example99.com domain to install our SSL Certificate.
Step 2: Update Your System
Before going through the steps to install Let’s encrypt tool you need to first update your Server using dnf update -y command as shown below. This will download and install all the latest available updates from enabled Repo. Sometimes installing a new package requires dependencies to be updated with the latest version hence it is always recommended to run an update first. This is particularly required if you have not updated your Server from long time.
[root@localhost ~]# dnf update -y Last metadata expiration check: 0:17:57 ago on Sat 12 Sep 2020 02:25:56 PM EDT. Dependencies resolved. ======================================================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================================================== Installing: kernel-core x86_64 4.18.0-193.14.2.el8_2 BaseOS 28 M Upgrading: alsa-lib x86_64 1.2.1.2-3.el8 AppStream 441 k container-selinux noarch 2:2.124.0-1.module_el8.2.0+305+5e198a41 AppStream 47 k containers-common x86_64 1:0.1.40-11.module_el8.2.0+377+92552693 AppStream 50 k fribidi x86_64 1.0.4-8.el8 AppStream 89 k fuse-overlayfs x86_64 0.7.2-5.module_el8.2.0+305+5e198a41 AppStream 60 k git x86_64 2.18.4-2.el8_2 AppStream 186 k git-core x86_64 2.18.4-2.el8_2 AppStream 4.0 M git-core-doc noarch 2.18.4-2.el8_2 AppStream 2.3 M gtk-update-icon-cache x86_64 3.22.30-5.el8 AppStream 32 k gtk3 x86_64 3.22.30-5.el8 AppStream 4.5 M java-1.8.0-openjdk-headless x86_64 1:1.8.0.262.b10-0.el8_2 AppStream 34 M java-11-openjdk x86_64 1:11.0.8.10-0.el8_2 install dig AppStream 249 k java-11-openjdk-devel x86_64 1:11.0.8.10-0.el8_2 AppStream 3.4 M java-11-openjdk-headless x86_64 1:11.0.8.10-0.el8_2 AppStream 40 M libdrm x86_64 2.4.100-1.el8 AppStream 164 k libepoxy x86_64 1.5.3-1.el8 AppStream 225 k libmaxminddb x86_64 1.2.0-7.el8 AppStream 25 k libtiff x86_64 4.0.9-17.el8 AppStream 188 k libvncserver x86_64 0.9.11-15.el8_2.1 AppStream 275 k libwayland-client x86_64 1.17.0-1.el8 AppStream 39 k libwayland-cursor x86_64 1.17.0-1.el8 AppStream 26 k
Step 3: Install and Enable EPEL Repository
If you do not have EPEL repo installed and enabled then you need to use dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm command to install as shown below. In our case since it is already installed so it won’t install again.
[root@localhost ~]# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm CentOS-8 - AppStream 6.9 kB/s | 4.3 kB 00:00 CentOS-8 - AppStream 2.4 MB/s | 5.8 MB 00:02 CentOS-8 - Base 5.5 kB/s | 3.9 kB 00:00 CentOS-8 - Base 1.5 MB/s | 2.2 MB 00:01 CentOS-8 - Extras 2.3 kB/s | 1.5 kB 00:00 CentOS-8 - Extras 9.4 kB/s | 7.9 kB 00:00 Extra Packages for Enterprise Linux Modular 8 - x86_64 5.8 kB/s | 8.4 kB 00:01 Extra Packages for Enterprise Linux Modular 8 - x86_64 40 kB/s | 117 kB 00:02 Extra Packages for Enterprise Linux 8 - x86_64 7.8 kB/s | 7.6 kB 00:00 Extra Packages for Enterprise Linux 8 - x86_64 216 kB/s | 8.0 MB 00:37 Google Cloud SDK 250 B/s | 454 B 00:01 Google Cloud SDK 3.1 MB/s | 18 MB 00:05 RPM Fusion for EL 8 - Free - Updates 2.7 kB/s | 3.7 kB 00:01 RPM Fusion for EL 8 - Free - Updates 104 kB/s | 262 kB 00:02 epel-release-latest-8.noarch.rpm 12 kB/s | 22 kB 00:01 Package epel-release-8-8.el8.noarch is already installed. Dependencies resolved. Nothing to do. Complete!
Then you need to enable the PowerTools repository using dnf config-manager --set-enabled PowerTools command as shown below.
[root@localhost ~]# dnf config-manager --set-enabled PowerTools
Step 4: Install CertBot
If you are using Apache web server then you need to use dnf install certbot python3-certbot-apache command to install certbot as shown below.
[root@localhost ~]# dnf install certbot python3-certbot-apache CentOS-8 - AppStream 3.4 kB/s | 4.3 kB 00:01 CentOS-8 - Base 5.4 kB/s | 3.9 kB 00:00 CentOS-8 - Extras 1.8 kB/s | 1.5 kB 00:00 CentOS-8 - PowerTools 1.3 MB/s | 1.9 MB 00:01 Extra Packages for Enterprise Linux Modular 8 - x86_64 9.0 kB/s | 8.4 kB 00:00 Extra Packages for Enterprise Linux 8 - x86_64 8.2 kB/s | 7.6 kB 00:00 Google Cloud SDK 234 B/s | 454 B 00:01 RPM Fusion for EL 8 - Free - Updates 4.7 kB/s | 3.7 kB 00:00 Dependencies resolved. ======================================================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================================================== Installing: certbot noarch 1.7.0-1.el8 epel 48 k python3-certbot-apache noarch 1.7.0-1.el8 epel 142 k Installing dependencies: mod_ssl x86_64 1:2.4.37-21.module_el8.2.0+382+15b0afa8 AppStream 132 k python3-augeas noarch 0.5.0-12.el8 AppStream 31 k python3-distro noarch 1.4.0-2.module_el8.1.0+245+c39af44f AppStream 37 k python3-pyasn1 noarch 0.3.7-6.el8 AppStream 126 k python3-pytz noarch 2017.2-9.el8 AppStream 54 k sscg x86_64 2.3.3-14.el8 AppStream 49 k augeas-libs x86_64 1.12.0-5.el8 BaseOS 436 k python3-chardet noarch 3.0.4-7.el8 BaseOS 195 k python3-pysocks noarch 1.6.8-3.el8 BaseOS 34 k python3-requests noarch 2.20.0-2.1.el8_1 BaseOS 123 k python3-urllib3 noarch 1.24.2-4.el8 BaseOS 176 k python3-acme noarch 1.7.0-1.el8 epel 87 k python3-certbot noarch 1.7.0-1.el8 epel 378 k python3-configargparse noarch 0.14.0-6.el8 epel 36 k python3-josepy noarch 1.2.0-5.el8 epel 95 k python3-ndg_httpsclient noarch 0.5.1-4.el8 epel 53 k python3-parsedatetime noarch 2.5-1.el8 epel 79 k python3-pyrfc3339 noarch 1.1-1.el8 epel 19 k python3-requests-toolbelt noarch 0.9.1-4.el8 epel 91 k python3-zope-component noarch 4.3.0-8.el8 epel 313 k python3-zope-event noarch 4.2.0-12.el8 epel 210 k python3-zope-interface x86_64 4.6.0-1.el8 epel 158 k Installing weak dependencies: python-josepy-doc noarch 1.2.0-5.el8 epel 21 k Transaction Summary ======================================================================================================================================================================== Install 25 Packages Total download size: 3.1 M Installed size: 11 M
If you are using Nginx web server then you need to use dnf install certbot python3-certbot-nginx command to install certbot as shown below.
[root@localhost ~]# dnf install certbot python3-certbot-nginx Last metadata expiration check: 0:02:00 ago on Sat 12 Sep 2020 01:28:10 PM EDT. Package certbot-1.7.0-1.el8.noarch is already installed. Dependencies resolved. ======================================================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================================================== Installing: python3-certbot-nginx noarch 1.7.0-1.el8 epel 81 k Installing dependencies: python3-pyparsing noarch 2.1.10-7.el8 BaseOS 142 k Transaction Summary ======================================================================================================================================================================== Install 2 Packages Total download size: 223 k Installed size: 765 k
Step 5: Check certbot version
After successful installation of certbot you can check its installed version using certbot --version command as shown below. As shown in the output current certbot version is 1.7.0
[root@localhost ~]# certbot --version certbot 1.7.0
Step 6: Request a New SSL Certificate
If you are using apache server then you need to use certbot --apache command to request a new SSL Certificate as shown below.
[root@localhost ~]# certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
If you are using Nginx server then you need to use certbot --nginx to request a new SSL Certificate as shown below.
[root@localhost ~]# certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
If you just want to get a certificate for Apace web server then you need to use certbot certonly --apache command as shown below.
[root@localhost ~]# certbot certonly --apache
If you just want to get a certificate for Nginx web server then you need to use certbot certonly --nginx command as shown below.
[root@localhost ~]# certbot certonly --nginx
Step 7: Setup Automatic Renewal(Optional)
If you want you can setup automatic certificate renewal using crontab then you need to use below command. This command will add a cron job to the default Crontab.
[root@localhost ~]# echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Step 8: Test SSL Setup
Now you can go to your browser and open https://example99.com. You will see a lock sign in the URL which means that SSL Certificate signed by Certificate Authority is installed now.
https://example99.com
Step 9: Renew Certificate
If you want to renew your certificate then you need to use certbot renew command as shown below.
[root@localhost ~]# certbot renew
Step 10: List All Certificates
If you want to see all the certificates certbot currently managing then you need to use certbot certificates command as shown below.
[root@localhost ~]# certbot certificates
Recommended Posts:-
8 Easy Ways to check Ubuntu Version using Bash Command Line
5 Easy Steps to Install Openssh-Server on Ubuntu 20.04 to Enable SSH
15 Practical Bash For Loop Examples in Linux/Unix for Professionals
How to Install Rust Programming Language in Linux Using 6 Best Steps
10 Useful iproute2 tools examples to Manage Network Connections in Linux
How to Limit CPU Limit of a Process Using CPULimit in Linux (RHEL/CentOS 7/8)
6 Popular Methods to List All Running Services Under Systemd in Linux
Unix/Linux Find Files and Directories Owned By a Particular User(5 Useful Examples)
33 Practical Examples of ulimit command in Linux/Unix for Professionals