Install Let’s Encrypt on LAMP server

In this tutorial I will show you how to install Let’s Encrypt on a LAMP server.

Let’s Encrypt is a very popular certificate authority that provides free SSL certificates.

Yes, my friend, you don’t have to buy an SSL certificate anymore.

For this demonstration I chose CentOS 7; however, the process is the same for other distributions.

Let’s start the demonstration

Install Let’s Encrypt and LAMP stack packages

# yum update
# yum install httpd mysql-server php php-mysql php-gd php-mcrypt

Install the ‘git’ package, which is needed to download the Let’s Encrypt client.

# yum install epel-release
# yum install git

Now it’s time to download the Let’s Encrypt client from the official repository.

We will clone the Let’s Encrypt repository under /opt, which is a standard directory for placing third-party software on Unix systems:

# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Generate the certificate

# cd /opt/letsencrypt
# ./letsencrypt-auto --apache -d example.com

If you want ‘www’ support, run the command as shown below. Make sure the base domain name comes first.

# ./letsencrypt-auto --apache -d example.com -d www.example.com

Now you should be able to find your certificate files in the /opt/letsencrypt/live directory with a simple directory listing.

# ls /opt/letsencrypt/live
 example.com/

# ls /opt/letsencrypt/live/example.com/
 cert1.pem       chain1.pem     fullchain1.pem            privatekey1.pem

The certificate is ready to use.

Create the Apache virtual host for the domain ‘example.com’

# vi /etc/httpd/conf.d/example.com.conf
<VirtualHost *:80>
    ServerAdmin webmaster@abc.tld
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/user/public_html
</VirtualHost> 
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/user/public_html
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
    SSLCertificateFile        /opt/letsencrypt/live/example.com/fullchain1.pem
    SSLCertificateKeyFile  /opt/letsencrypt/live/example.com/privatekey1.pem
    BrowserMatch "MSIE [2-5]" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
</VirtualHost>
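
Before restarting Apache, it helps to lint the TLS directives in the vhost. The Python sketch below is an added example, not part of the original tutorial: it flags legacy protocols left enabled by SSLProtocol (the line `SSLProtocol all -SSLv2` still allows SSLv3), MEDIUM ciphers in SSLCipherSuite, and a key directive that points at the certificate file. SAMPLE_VHOST is constructed for the example, and the function names are hypothetical.

```python
# Added example. SAMPLE_VHOST is constructed; all function names are hypothetical.
SAMPLE_VHOST = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
    SSLCertificateFile    /opt/letsencrypt/live/example.com/fullchain1.pem
    SSLCertificateKeyFile /opt/letsencrypt/live/example.com/fullchain1.pem
</VirtualHost>
"""

# Assumption: "all" expands to these names; the real set depends on the OpenSSL build.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")

def directives(text):
    """Map lowercase directive name -> argument list (last occurrence wins)."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1:]
    return found

def enabled_protocols(tokens):
    """Simplified SSLProtocol model: '-' removes, '+' adds, a bare name replaces."""
    enabled = set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = {p for p in ALL_PROTOCOLS if name.lower() in ("all", p.lower())}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = names
    return enabled

def audit_vhost(text):
    """Return a list of findings for the TLS directives in one vhost."""
    d, findings = directives(text), []
    legacy = [p for p in LEGACY if p in enabled_protocols(d.get("sslprotocol", []))]
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(legacy))
    if "MEDIUM" in ":".join(d.get("sslciphersuite", [])).split(":"):
        findings.append("SSLCipherSuite admits MEDIUM-strength ciphers")
    key, cert = d.get("sslcertificatekeyfile"), d.get("sslcertificatefile")
    if key and key == cert:
        findings.append("SSLCertificateKeyFile points at the certificate file")
    return findings
```

Calling `audit_vhost(SAMPLE_VHOST)` returns three findings; a vhost with `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, no MEDIUM ciphers, and distinct certificate and key paths returns none.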

Restart Apache to apply the configuration

# systemctl restart httpd

Your website should be ready.

Verify the status of your website using the following URL. Replace the domain name accordingly.

https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

Auto Renew certificate

By default, Let’s Encrypt certificates are valid for 90 days. To avoid certificate expiration and website downtime, you must renew the certificate.

Let’s Encrypt provides a command-line tool to check and renew the certificate.

# ./letsencrypt-auto --apache -d example.com -d www.example.com

To do this task automatically, add the following line to the crontab:

# crontab -e
0 1 1 */2 * cd /opt/letsencrypt && ./letsencrypt-auto certonly --apache --renew-by-default -d example.com -d www.example.com >> /var/log/letsencrypt/example.com-renew.log 2>&1

Congratulations! You have successfully installed Let’s Encrypt. I would be very grateful if this tutorial, ‘Install Let’s Encrypt on LAMP server’, was helpful to you.
