In this tutorial, you will learn how to install Let’s Encrypt on CentOS 7 with Apache. Let’s Encrypt is a free, automated, and open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let’s Encrypt are valid for 90 days from the issue date. When finished, all traffic between server and client will be encrypted. We’ll use the certbot utility to obtain and renew Let’s Encrypt certificates.

  1. Update the system
yum -y update

2.   Install Apache

yum -y install httpd

3.  Install mod_ssl

yum -y install mod_ssl

4.  Create Virtual Host

We will create a virtual host for the domain: A virtual host config file is required in this step. You can create it with nano and enter the following lines:

nano /etc/httpd/conf.d/

then pasting the following contents inside:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/

    <Directory /var/www/>
        Options -Indexes +FollowSymLinks
        AllowOverride All

    ErrorLog /var/log/httpd/
    CustomLog /var/log/httpd/ combined

Create a document root to place your HTML files.

mkdir -p /var/www/

Place the HTML file inside the document root of your domain.

echo "You focus on your business, We take care of your Servers" > /var/www/

Change the permission of the directory.

chown -R apache:apache /var/www/

Test the configuration file syntax with.

sudo apachectl configtest

Restart the Apache.

systemctl restart httpd

5.   Install certbot

Before installing certbot, make sure that you have EPEL repository activated by entering this command:

yum -y install epel-release

Make sure yum-utils is installed:

yum -y install yum-utils

Then install certbot for Apache:

yum -y install certbot-apache

Now you create an SSL certificate using the following command (replace with your own domain name).

letsencrypt --apache -d  -d 

If everything goes well you should see the following output.

6.   Automatic Certificate Renewal

A good thing about using Let’s Encrypt is that you can set an automatic certificate renewal.

To set the automatic renewal, enter this following command:

export EDITOR=/bin/nano

It will set nano as the default editor and now it can edit the crontab:

crontab -e

Actually, Let’s Encrypt suggest automatic renew cronjob runs twice a day. In order to do so, paste this command and save the crontab:

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1


That’s All. I hope you learned How to Install Let’s Encrypt Free SSL Certificate For Apache on CentOS 7