How to Install SSL Certificate on CentOS 7

In this article, you will learn how to install SSL Certificate on CentOS 7.

SSL (Secure Sockets Layer) is a web protocol used to protect traffic to your server via encryption. It means all information is encrypted in transit and can only be read by the intended recipient.

Commonly, ecommerce or online financial services are expected to have this protocol since they store sensitive information, like credit card details.

However, an SSL certificate is actually mandatory for all sites, to protect users’ confidential data, such as login credentials, social security numbers, ID cards, etc.

Luckily, you can easily get an SSL certificate from a provider like COMODO SSL and Let’s Encrypt, which will be used in our installation tutorial.

Installing Apache Manually

Before installing SSL, make sure that Apache (web server software) is already installed on your CentOS server.

You can easily test this by typing httpd -v when accessing the server through SSH. If Apache is installed, the command prints the installed server version.

Luckily on Hostinger, users can choose to either have Apache preinstalled on their servers or to install it manually.

On CentOS 7, Apache can be installed through software repositories by entering this command on the terminal:

sudo yum install httpd

Now to start using Apache, type in:

sudo systemctl start httpd

If you want Apache to start automatically at boot, enable it with:

sudo systemctl enable httpd

How to Install SSL Certificate with Let’s Encrypt

Let’s Encrypt offers a free SSL certificate. Let’s take a look at how to install it on your server.

Important: We use “hostinger-dev-9.xyz” as our test site, but you have to change it to your site’s name.

We recommend checking the system first just to make sure it’s updated.

yum -y update

Next, you’ll need mod_ssl to configure Let’s Encrypt.

yum -y install mod_ssl

Now, configure Apache by creating a document root folder for the website.

mkdir /var/www/hostinger-dev-9.xyz

A virtual host config file is required in this step. Create it with nano:

nano /etc/httpd/conf.d/hostinger-dev-9.xyz.conf

In nano, enter the following lines:

<VirtualHost *:80>
    ServerAdmin admin@test.com
    DocumentRoot "/var/www/hostinger-dev-9.xyz"
    ServerName hostinger-dev-9.xyz
    # The alias must be the www name that certbot will request a certificate for
    ServerAlias www.hostinger-dev-9.xyz
    ErrorLog "/var/log/httpd/test.error_log"
    CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>

Change the owner of the /var/www/hostinger-dev-9.xyz directory to your apache user so that Apache can recognize the directory:

chown -R apache:apache /var/www/hostinger-dev-9.xyz

Certbot Installation

Before installing certbot, make sure that you have EPEL repository activated by entering this command:

yum -y install epel-release

Next, install yum-utils:

yum -y install yum-utils

Only then can you install certbot for Apache:

yum -y install certbot-apache

After installing certbot, run it by executing:

certbot

A prompt will ask which names you want to activate HTTPS for:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: hostinger-dev-9.xyz
2: www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Just press Enter to select both names, so that HTTPS is activated for hostinger-dev-9.xyz and www.hostinger-dev-9.xyz.

Another prompt will show up:

Choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect – Make no further changes to the web server configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select number 2 to redirect both your website names to https.

You should see the output below if the process is done correctly:

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://hostinger-dev-9.xyz and https://www.hostinger-dev-9.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hostinger-dev-9.xyz
https://www.ssllabs.com/ssltest/analyze.html?d=www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------

Automatic Certificate Renewal

A good thing about using Let’s Encrypt is that you can set up automatic certificate renewal.

To set up automatic renewal, first enter the following command:

export EDITOR=/bin/nano

This sets nano as the default editor, so you can now edit the crontab:

crontab -e

Let’s Encrypt suggests that the automatic renewal cron job run twice a day. To do so, paste this line and save the crontab. The leading 0 in the minute field makes the job run once at 00:00 and once at 12:00:

0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

How to Install SSL Certificate With Comodo

COMODO SSL is a paid SSL certificate provider. With it, users can choose to encrypt their server traffic. Here’s how to install it on CentOS 7:

Download the Intermediate (ComodoRSACA.crt) and Primary Certificate (domain_name.crt) and copy them to the directory on the server that will store your certificate and key files.

Find the Apache config file. Usually, the file name is httpd.conf or apache2.conf. Common locations for the file are either /etc/httpd/ or /etc/apache2/. If it can’t be found, the alternative is to search using grep by typing the command below:

grep -i -r "SSLCertificateFile" /etc/httpd/

Note: change “/etc/httpd/” to your base directory of Apache installation.

Now, if you want to enable SSL on your server, configure it in your <VirtualHost> by pasting the following lines into it:

<VirtualHost 31.220.62.130:443>
    DocumentRoot /var/www/hostinger-dev-9.xyz
    ServerName www.hostinger-dev-9.xyz
    SSLEngine on
    SSLCertificateFile /var/www/hostinger-dev-9.xyz.crt
    SSLCertificateKeyFile /var/www/your_private.key
    SSLCertificateChainFile /var/www/ComodoCA.crt
</VirtualHost>

  • 31.220.62.130:443 : change the address to your server IP Address; 443 is the HTTPS port, so the SSL engine is not applied to plain HTTP on port 80
  • SSLCertificateFile needs to be changed to your COMODO certificate file (for example, domain_name.crt)
  • SSLCertificateKeyFile is the key file generated when you created the CSR (Certificate Signing Request)
  • SSLCertificateChainFile is the COMODO intermediate certificate file (ComodoRSACA.crt)

It is important to check your Apache config file before restarting. If there is a syntax error, Apache may not start at all. You can type this command to make sure everything is working fine:

apachectl configtest
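
A passing configtest does not tell you that the private key belongs to the certificate or that the key file is protected. The script below is an added example, not part of the original article: it checks that the key matches the certificate, that the key grants nothing to group or others, and that it is not stored inside the DocumentRoot. The function names are made up for this example, and the three paths you pass are your own.

```bash
#!/bin/bash
# Added example: checks on the files named by SSLCertificateFile and
# SSLCertificateKeyFile. Function names are hypothetical; paths are your own.

# True only if the key file grants nothing to group or others (e.g. mode 600).
key_perms_ok() {
    local mode
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# True only if the key is not stored inside the web-served DocumentRoot.
key_outside_docroot() {
    local key docroot
    key=$(readlink -f -- "$1") && docroot=$(readlink -f -- "$2") || return 1
    case "$key" in
        "$docroot"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# True only if the certificate and the private key carry the same public key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs every check, prints one line per failure, returns the failure count.
check_tls_files() {   # usage: check_tls_files CERT KEY DOCROOT
    local fails=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not match $1"; fails=$((fails + 1)); }
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/others"; fails=$((fails + 1)); }
    key_outside_docroot "$2" "$3" || { echo "FAIL: $2 is inside $3"; fails=$((fails + 1)); }
    return "$fails"
}

# When called with three arguments, run the checks on the caller's files.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

Run it with the certificate, the key and the DocumentRoot from your VirtualHost as arguments; an exit status of 0 means all three checks passed.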

After everything is checked, restart Apache with SSL support:

apachectl stop

and then

apachectl start

In case Apache does not start with SSL support, use “apachectl startssl” instead.

Conclusions

SSL is required to secure traffic on your website, especially if it deals with transactions. COMODO SSL and Let’s Encrypt are two providers which let you install an SSL certificate on CentOS 7. While installing either of them can be tricky, it is worth the effort.

About the author

Irfan F.

Irfan is a member of the Digital Content Writer team at Hostinger. He believes that technology and the internet can help improve our lives significantly. That's why he shares his experience as a WordPress blogger to educate others. In his free time, Irfan enjoys good films and books.
