How to Get Let's Encrypt SSL on CentOS 8
Let's Encrypt is a certificate authority that allows anyone to get a free SSL/TLS certificate and provide encryption for their services (web server, email, etc.). In addition, the Certbot client allows you to automate many processes. After the server is configured correctly, you can get a certificate in a few minutes, and then renew it automatically. To do this, you must ensure that the following points are met:
- Your server has a public IP address;
- You have a domain name. In this tutorial domain-name.com used as an example, replace it with yours FQDN;
- The DNS A record of your domain name contains the IP address of your server.
Installing snapd
Certbot developers recommend using snapd to automatically manage and maintain your package. Let’s install it.
Now, start and enable it.
You also need to create the following symbolic link to enable classic snap support.
After that reboot your system.
Make sure that the latest version is installed.
Installing Certbot
Make sure that there is no Certbot on your system.
Install Cerbot.
Add the following symbolic link to ensure successful launch of Certbot.
Ways to get an SSL certificate Let's Encrypt
When running Certbot challenge you can enter multiple domain names of your site as aliases when prompted. For example, domain-name.com, www.domain-name.com.
If you don't have any web server running, use this command and follow the instructions:
It uses the HTTP port to check the response when accessing the domain name. If your web server is already running and you don't want to stop it, use the following one. You will be asked to enter the domain name and its webroot to confirm your rights to it.
Wildcard SSL certificate and DNS challenge
Another way to verify your rights to a domain name and its server is DNS challenge. And this is the only way to get a wildcard SSL certificate. You must have access to manage your site's DNS records. Use this command and follow the instructions:
Automatic certificate renewal
During the installation of Certobot, automatic certificate updates are configured. This is a timer that will check for certificates which will expire soon in the system and update them. To see if it is configured, look here:
If you see no output, you can check here:
cat /etc/cron.*/*
To test the automatic renewal process, run: