Apache Virtual Hosts SSL Certbot

Apache Virtual Hosts There is a newer guide on Apache Virtual Hosts SSL. This page is not maintained anymore.

You can use Certbot for Let’s Encrypt to request free SSL Certificates to secure your server and websites built on Apache virtual hosts SSL. Here we are going to install Certbot. Then we are going to request certificates. For our servers hostname and a website on the server. Then we are going to configure Certbot to automatically renew certificates. If you followed our guide on Installing Roundcube in a CentOS 7 NVMe VPS you can now use this guide to secure your Roundcube install.

Install Certbot

Install the EPEL repo if you don’t have it already and proceed to install Certbot and its dependencies.

yum -y install epel-release
yum -y install certbot python2-certbot-apache mod_ssl
certbot --apache

The following sections are now not needed due to the –apache function in the above command. This will ask you for your domain details. We have left the legacy instructions below.

Request a Free Certificate For Your Domain

If you currently only have http enabled and if you followed our Roundcube install guide you will only have http at the moment now is the time to get your certificate. Request all versions of your domain name like www and mail

certbot --apache -d mail.yourdomain.com -d yourdomain.com -d www.yourdomain.com

You will be asked how you want to validate the domain names for the certificate. Choose option 2 to place the files in the websites home directory. We used smarthost.email in our Roundcube guide so the home directory would be;

/var/www/yourdomain.com/public_html/

Now, once complete you will be shown the location of the certificates. Our SSL certificate was saved to

/etc/letsencrypt/live/yourdomain.com/cert.pem
/etc/letsencrypt/live/yourdomain.com/privkey.pem
/etc/letsencrypt/live/yourdomain.com/fullchain.pem

So now we need to tell Apache that we have an SSL certificate and we want to use it on our website smarthost.email.

Configure Apache SSL Virtual Hosts

In our previous article we set up our website smarthost.email using Apache virtual hosts. Certbot should create a new virtual hosts file for us automatically. If not we need to add a new .conf file to use our SSL. Our virtual hosts configuration files were stored at /etc/httpd/sites-available/ so let’s create a new host file.

nano /etc/httpd/sites-available/ssl-yourdomain.com.conf

Now, enter the code below swapping the values for your environment. Make sure you get the right paths to your Let’s Encrypt certificates. You can get them using ls.

ls /etc/letsencrypt/live/domain.com

Save and close your SSL configuration file. Now we need to add the certificates to our Apache configuration. This is done in the ssl.conf file which is located in /etc/httpd/conf.d/ file. Open up the file. and find the lines

nano /etc/httpd/conf.d/ssl.conf

SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile

Set the paths to your Let’s Encrypt certificate like in the virtual host’s file. Also, ensure the document root is correct. Then save and close the file. Next, restart Apache.

systemctl restart httpd && systemctl status httpd

Apache should now be able to serve your website or application over https://. Visit your website using the https protocol to confirm.

Configure Certbot To Automatically Renew Certificates

You can renew Let’s Encrypt certificates automatically using a cron job. When adding creon jobs it much easier to use nano so first change your editor to use nano.

export EDITOR=/bin/nano

Next, open up the crontab file. It will likely be empty but if it’s not just add the folowing line to the bottom of the file.

crontab -e

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

You can test this will work but running the renewal command above in the console. Just enter /usr/bin/certbot renew to test. You will receive a message saying your certificate is not yet due for renewal.

How was this article? How To Configure Apache Virtual Hosts SSL Certbot

Click to rate this post!

[Total: 2 Average: 5]

Spread the love