Apache Virtual Hosts SSL Certbot
You can use Certbot for Let’s Encrypt to request free SSL Certificates to secure your server and websites built on Apache virtual hosts SSL. Here we are going to install Certbot. Then we are going to request certificates. For our servers hostname and a website on the server. Then we are going to configure Certbot to automatically renew certificates. If you followed our guide on Installing Roundcube in a CentOS 7 NVMe VPS you can now use this guide to secure your Roundcube install.
Install the EPEL repo if you don’t have it already and proceed to install Certbot and its dependencies.
yum -y install epel-release yum -y install certbot python2-certbot-apache mod_ssl certbot --apache
Request a Free Certificate For Your Domain
If you currently only have http enabled and if you followed our Roundcube install guide you will only have http at the moment now is the time to get your certificate. Request all versions of your domain name like www and mail
certbot certonly -d mail.yourdomain.com -d yourdomain.com -d www.yourdomain.com
You will be asked how you want to validate the domain names for the certificate. Choose option 2 to place the files in the websites home directory. We used smarthost.email in our Roundcube guide so the home directory would be;
Now, once complete you will be shown the location of the certificates. Our SSL certificate was saved to
/etc/letsencrypt/live/yourdomain.com/cert.pem /etc/letsencrypt/live/yourdomain.com/privkey.pem /etc/letsencrypt/live/yourdomain.com/fullchain.pem
So now we need to tell Apache that we have an SSL certificate and we want to use it on our website smarthost.email.
Configure Apache SSL Virtual Hosts
In our previous article we set up our website smarthost.email using Apache virtual hosts. Certbot should create a new virtual hosts file for us automatically. If not we need to add a new .conf file to use our SSL. Our virtual hosts configuration files were stored at /etc/httpd/sites-available/ so let’s create a new host file.
Now, enter the code below swapping the values for your environment. Make sure you get the right paths to your Let’s Encrypt certificates. You can get them using ls.
Save and close your SSL configuration file. Now we need to add the certificates to our Apache configuration. This is done in the ssl.conf file which is located in /etc/httpd/conf.d/ file. Open up the file. and find the lines
SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile
Set the paths to your Let’s Encrypt certificate like in the virtual host’s file. Also, ensure the document root is correct. Then save and close the file. Next, restart Apache.
systemctl restart httpd && systemctl status httpd
Apache should now be able to serve your website or application over https://. Visit your website using the https protocol to confirm.
Configure Certbot To Automatically Renew Certificates
You can renew Let’s Encrypt certificates automatically using a cron job. When adding creon jobs it much easier to use nano so first change your editor to use nano.
Next, open up the crontab file. It will likely be empty but if it’s not just add the folowing line to the bottom of the file.
crontab -e * */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
You can test this will work but running the renewal command above in the console. Just enter /usr/bin/certbot renew to test. You will receive a message saying your certificate is not yet due for renewal.
How was this article? How To Configure Apache Virtual Hosts SSL Certbot