How to Install SSL Certificate in Linux with CentOS 7

In this article, you will learn how to install an SSL certificate on CentOS 7.

SSL (Secure Socket Layer) is a web protocol that uses encryption to protect traffic to your server. It means that all information has been encrypted and can only be accessed by the intended recipient.

This protocol is commonly expected for eCommerce or online financial services because they store sensitive information such as credit card details.

However, SSL certificates are required for all sites in order to protect users’ confidential data such as login credentials, social security numbers, ID cards, and so on.

Fortunately, you can obtain an SSL certificate from a provider such as Comodo or Let’s Encrypt, which will be used in our installation tutorial.

Installing Apache Manually

Before installing SSL, make sure that Apache (web server software) is already installed on your CentOS.

You can easily test this by typing httpd -v when accessing the server through SSH. If Apache is installed, you will see a result similar to the one below.

Luckily on Hostinger, users can choose to either have Apache preinstalled on their servers or to install it manually.

On CentOS 7, Apache can be installed through software repositories by entering this command on the terminal:

sudo yum install httpd

Now to start using Apache, type in:

sudo systemctl start httpd

If you want Apache to start automatically at boot, enable it with:

sudo systemctl enable httpd

How to Install SSL Certificate in Linux with Let’s Encrypt

Let’s Encrypt offers a free SSL certificate. Let’s take a look at how to install it on your server.

We recommend checking the system first just to make sure it’s updated.

yum -y update

Next, you’ll need mod_ssl to configure Let’s Encrypt.

yum -y install mod_ssl

Now, configure Apache by creating a document root folder for the website.

mkdir /var/www/hostinger-dev-9.xyz

A virtual host config file is required in this step. You can create it with nano and enter the following lines:

nano /etc/httpd/conf.d/hostinger-dev-9.xyz.conf

In nano, enter this code

<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/hostinger-dev-9.xyz"
ServerName hostinger-dev-9.xyz
ServerAlias www.hostinger-dev-9.xyz.com
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>

Replace owner of the /var/www/hostinger-dev-9.xyz directory with your apache user so it can recognize the directory

chown -R apache:apache /var/www/hostinger-dev-9.xyz

Certbot Installation

Before installing certbot, make sure that you have EPEL repository activated by entering this command:

yum -y install epel-release

Next is to install yum-utils

yum -y install yum-utils

Only then you can install certbot for Apache

yum -y install certbot-apache

After installing certbot, run it by executing:

certbot

There will be a prompt asking you the names you want to activate https on:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apacheStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: hostinger-dev-9.xyz
2: www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Just press enter so both hostinger-dev-9.xyz and www.hostinger-dev-9.xyz will be redirected to https

Another prompt will show up:

Choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect – Make no further changes to the web server configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select number 2 to redirect both your website names to https.

You should see the output below if the process is done correctly

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://hostinger-dev-9.xyz and https://www.hostinger-dev-9.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hostinger-dev-9.xyz
https://www.ssllabs.com/ssltest/analyze.html?d=www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------

Automatic Certificate Renewal

A good thing about using Let’s Encrypt is that you can set an automatic certificate renewal.

To set the automatic renewal, enter this following command:

export EDITOR=/bin/nano

It will set nano as the default editor and now it can edit the crontab:

crontab -e

Actually, Let’s Encrypt suggest automatic renew cron job runs twice a day. In order to do so, paste this command and save the crontab:

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

How to Install SSL Certificate With Comodo

COMODO SSL is a paid SSL certificate provider. With it, users can choose to encrypt their server traffic. Here’s how to install it on CentOS 7

Download the Intermediate (ComodoRSACA.crt) and Primary Certificate (domain_name.crt) and copy them to the server directory. It will store your certificate and key files.

Find Apache config file. Usually, the file name is httpd.conf or apache2.conf. Common locations for the file are either /etc/httpd/ or /etc/apache2/. If it can’t be found, the alternative is to search using grep by typing the command below:

grep -i -r "SSLCertificateFile" /etc/httpd/

Now, if you want to enable SSL on your server, configure it with your <VirtualHost> by  pasting this following line into it:

<VirtualHost 31.220.62.130>
DocumentRoot /var/www/hostinger-dev-9.xyz
ServerName www.hostinger-dev-9.xyz
SSLEngine on
SSLCertificateFile /var/www/hostinger-dev-9.xyz.crt
SSLCertificateKeyFile /var/www/your_private.key
SSLCertificateChainFile /var/www/ComodoCA.crt
</VirtualHost>

• 31.220.62.130 : change this to your server IP Address
• SSLCertificateFile needs to be changed to your COMODO certificate file (for example. domain_name.crt)
• SSLCertificateKeyFile is the generated key file when you created the CSR (Certificate Signing Request)
• SSLCertificateChainFile is the COMODO intermediate certificate file (ComodoRSACA.crt)

It is important to check your Apache config file before restarting. If there is a syntax error, Apache may not start at all. You can type this command to make sure everything is working fine:

apachectl configtest

After all is checked, restart the Apache with SSL support:

apachectl stop

and then

apachectl start

In case Apache does not start with SSL support, use “apachectl startssl” instead.

Conclusions

SSL is required to secure traffic on your website, especially if it deals with transactions. COMODO SSL and Let’s Encrypt are two providers which let you install SSL certificate on a Linux VPS running CentOS 7. While installing either of them can be tricky, it is worth the effort.