Install Certbot on CentOS

Certbot is a Python client that automates both obtaining free certificates from Let’s Encrypt and configuring web servers to create a secure https connection using these certificates.

As an example, we will look at installing Cerbot on CentOS, learn how to get a free certificate using it and automatically configure nginx / apache.

Install Certbot on CentOS 7 with nginx / apache

To install certbot, we need to install the epel-release repository (all commands are executed with root privileges):

# yum install epel-release

Next, install the client itself and the module for working with the server (example for nginx):

# yum install certbot python2-certbot-nginx

If you are using apache, then install certbot with the appropriate module:

# yum install certbot python2-certbot-apache

We proceed to directly obtain a free certificate and configure https. If you are using nginx, run:

# certbot --nginx

If you have apache installed:

# certbot --apache

Certbot will ask for an email address that will be used for urgent renewals and security notifications. We indicate your mail and press Enter:

Next, you need to accept the user agreement, enter A and press Enter:

We will be prompted to publish our email address after successfully receiving the certificate. We refuse by entering N and Enter:

Certbot will check nginx / apache config files for domain names. If they are found, it will display a list of them and offer to indicate those for which you want to obtain certificates and configure the web server (position numbers are entered in the console, possibly several separated by a space). If you do not have configured domains, you will need to specify the name manually:

After that, we wait until the end of the client’s work:

For Certbot to work successfully, you must have ports 80 and 443 open!

We go into the browser and enter our domain. To the right of it, a lock icon will be indicated, which indicates a secure connection:

Since Let’s Encrypt certificates are issued for three months, we will configure their automatic renewal. To do this, open with any text editor cron:

# nano /etc/crontab

And we will indicate a periodic task to update all certificates using certbot:

0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q

Install Certbot on CentOS 8 with nginx / apache

To install certbot, we need to install the epel-release repository (all commands are executed with root privileges):

# dnf install epel-release

Next, install the client itself and the module for working with the server (example for nginx):

# dnf install certbot python3-certbot-nginx

If you are using apache, then install certbot with the appropriate module:

# dnf install certbot python3-certbot-apache

We proceed to directly obtain a free certificate and configure https. If you are using nginx, run:

# certbot --nginx

If you have apache installed:

# certbot --apache

Certbot will ask for an email address that will be used for urgent renewals and security notifications. We indicate your mail and press Enter:

Next, you need to accept the user agreement, enter A and press Enter:

We will be prompted to publish our email address after successfully receiving the certificate. We refuse by entering N and Enter:

Certbot will check nginx / apache config files for domain names. If they are found, it will display a list of them and offer to indicate those for which you want to obtain certificates and configure the web server (position numbers are entered in the console, possibly several separated by a space). If you do not have configured domains, you will need to specify the name manually:

After that, we wait until the end of the client’s work:

For Certbot to work successfully, you must have ports 80 and 443 open!

We go into the browser and enter our domain. To the right of it, a lock icon will be indicated, which indicates a secure connection:

Since Let’s Encrypt certificates are issued for three months, we will configure their automatic renewal. To do this, open with any text editor cron:

# nano /etc/crontab

And we will indicate a periodic task to update all certificates using certbot:

0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q