Home » Linux » How To » Install Let’s Encrypt on LAMP server

Install Let’s Encrypt on LAMP server

In this tutorial I will show you how to install Let’s Encrypt on LAMP server.

Let’s Encrypt is a very popular certificate authority, provide free SSL.

Yes my friend you don’t have to buy any SSL anymore.

For this demonstration I choose CentOS 7, however the process is same for other distributions.

Let’s start the demonstration

Install Let’s Encrypt and LAMP stack packages

# yum update
# yum install httpd mysql-server php php-mysql php-gd php-mcrypt

Install the ‘git’ package to download the git file.

# yum install epel-release
# yum install git

Now it’s time to download let’s encrypt client from official repository.

We will clone the Let’s Encrypt repository under /opt, which is a standard directory for placing third-party software on Unix systems:

# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Generate the certificate

# cd /opt/letsencrypt
# ./letsencrypt-auto --apache -d example.com

If you want ‘www’ support, run the command like below. Make sure use the base domain name as first.

# ./letsencrypt-auto --apache -d example.com -d www.example.com

Now you should be able to find your certificate files at /opt/letsencrypt/live directory with a simple directory listing.

# ls /opt/letsencrypt/live

# ls /opt/letsencrypt/live/example.com/
 cert1.pem       chain1.pem     fullchain1.pem            privatekey1.pem

The certificate is ready to use.

Create the apache virtual host for the domain ‘example.com’

# vi /etc/httpd/conf.d/example.com.conf
<VirtualHost *:80>
    ServerAdmin webmaster@abc.tld
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/user/public_html
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/user/public_html
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile        /opt/letsencrypt/example.com/fullchain1.pem
    SSLCertificateKeyFile  /opt/letsencrypt/example.com/fullchain1.pem
    BrowserMatch "MSIE [2-5]" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0

Restart apache to apply the configuration

# systemctl restart httpd

Your website should be ready

Verify the status of your website using the following url. Replace the domain name accordingly.


Auto Renew certificate

By Default Let’s Encrypt certificates are valid for 90 days. In order to avoid certificate expiration and website downtime you must renew the certificate.

Let’s Encrypt provide command line tool to check and renew certificate.

./letsencrypt-auto --apache -d example.com  -d www. example.com

To do this task automatically, add the following line to crontab

# crontab -e
0 1 1 */2 * cd /opt/letsencrypt && ./letsencrypt-auto certonly --apache --renew-by-default --apache -d example.com –d www.example.com >> /var/log/letsencrypt/example.com-renew.log 2>&1

Congratulation! you have successfully installed the Let’s Encrypt. It is very great full to me if this tutorial ‘Install Let’s Encrypt on LAMP server’ helpful to you.

Check Also

Password less SSH authentication

Password less SSH authentication is one of the best security practices to avoid any password …

Leave a Reply

Your email address will not be published. Required fields are marked *