How to Install Let’s Encrypt on CentOS
Install free SSL on CentOS with Certbot, enable HTTPS, and test certificate renewal step by step.
Before you start
Step-by-step instructions
1. Install Certbot
Certbot is a tool that automatically issues and renews SSL certificates using Let’s Encrypt.
yum install certbot python3-certbot-apache
This includes automatic renewal functionality and works with Apache.
2. Move to your domain directory
Go to the root directory of the domain where you want to install SSL.
cd /home/domain.com/www
Make sure this directory matches your actual document root.
3. Issue SSL certificate
Run Certbot to generate the SSL certificate for your domain.
certbot --apache certonly -d domain.com
The domain must match the ServerName in your Apache configuration. Certbot then asks you to:
- Enter your email address
- Agree to the terms (Y)
- Choose whether to receive emails (Y/N)
4. Check certificate location
Certificates are stored in the following directory:
/etc/letsencrypt/live/domain.com
Files inside:
cert.pem
chain.pem
fullchain.pem
privkey.pem
5. Configure SSL in Apache
Edit your SSL configuration file and add the certificate paths.
vi /etc/httpd/conf.d/ssl.conf
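<VirtualHost *:443>
DocumentRoot "/home/domain.com/www"
ServerName domain.com
SSLEngine on
# Server (leaf) certificate and its private key
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
# Intermediate chain only. fullchain.pem already contains cert.pem and would send the leaf twice.
# On Apache 2.4.8 and later, SSLCertificateFile can point at fullchain.pem instead and this line can be dropped.
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# SSLCACertificateFile is omitted: it sets the CAs trusted for client-certificate authentication, not the server chain.
</VirtualHost>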
6. Restart Apache
service httpd graceful
service httpd restart
7. Enable auto renewal
Run the renewal command manually and test:
certbot renew
certbot renew --dry-run
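Add a cron job. Entries in /etc/crontab need a user field before the command, and the job should run daily: certbot renew only replaces certificates that are close to expiry, so frequent runs are safe, while a job that runs only every two months can miss the renewal window.
vi /etc/crontab
0 4 * * * root certbot renew
service crond restart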
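Why the cron schedule matters, as an added example that is not part of the original guide: the script replays certbot renew on each scheduled date and compares a daily job with one that fires only on the 15th of every second month. It assumes 90-day certificates, Certbot's default of renewing only when fewer than 30 days remain, and renewals that always succeed; the issue date and helper names are constructed.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)      # assumption: 90-day Let's Encrypt certificate
RENEW_WINDOW = timedelta(days=30)  # assumption: certbot's default renewal threshold


def cron_dates(start, end, days=None, months=None):
    """Dates in [start, end] matching cron day-of-month/month fields (None means '*')."""
    d = start
    while d <= end:
        if (days is None or d.day in days) and (months is None or d.month in months):
            yield d
        d += timedelta(days=1)


def simulate(issued, run_dates):
    """Replay `certbot renew` on each run date.

    Returns (expired_on, renewed_on) pairs for every period in which the
    site served an expired certificate before a run replaced it.
    """
    outages = []
    expires = issued + LIFETIME
    for run in run_dates:
        if expires - run >= RENEW_WINDOW:
            continue                        # certbot: "not yet due for renewal"
        if run > expires:
            outages.append((expires, run))  # certificate lapsed before this run
        expires = run + LIFETIME            # renewal succeeds (assumed)
    return outages


ISSUED = date(2023, 1, 15)                  # constructed issue date
END = date(2023, 12, 31)
BIMONTHLY = dict(days={15}, months={1, 3, 5, 7, 9, 11})  # cron fields "15 */2"

if __name__ == "__main__":
    for name, fields in (("15th of every 2nd month", BIMONTHLY), ("daily", {})):
        gaps = simulate(ISSUED, cron_dates(ISSUED, END, **fields))
        print(f"{name}: {len(gaps)} outage(s)")
        for expired, renewed in gaps:
            print(f"  expired {expired}, renewed {renewed} "
                  f"({(renewed - expired).days} days on an expired certificate)")
```

The bi-monthly job skips the certificate on 15 March because 31 days still remain, so the certificate lapses on 15 April and is not replaced until 15 May; the daily job never lets it expire.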
8. Redirect HTTP to HTTPS
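Force all HTTP traffic to HTTPS by adding a redirect to the domain's port 80 virtual host.
vi /etc/httpd/conf/http-vhost
Redirect permanent / https://domain.com/
Keep the trailing slash on the target: Apache appends the rest of the requested path to it, so without the slash a request for /page is sent to https://domain.compage. Restart Apache after applying changes.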
Common issues
Check DNS records, port 80 access, firewall rules, and cloud instance security settings. Let’s Encrypt must be able to reach your server from the public internet.
If the web server is not correctly matched to the domain, Certbot may install the certificate on the wrong configuration block or fail to detect the site properly.
Many SSL problems appear later during renewal, not during the first install. Always run the dry-run command once before finishing the setup.
About this guide
This guide shows how to install Let’s Encrypt free SSL on CentOS step by step. It covers the basic requirements, Certbot installation, certificate issuance, HTTPS verification, and renewal testing.
How to follow this guide
- Point your domain to the correct server IP address before starting.
- Make sure port 80 and port 443 are open.
- Install Certbot and the matching web server plugin.
- Request the certificate for your domain.
- Enable HTTPS and confirm the site loads securely.
- Run a renewal dry run to make sure future renewals work properly.
Why use this method?
Let’s Encrypt helps you secure your website with HTTPS for free. It improves browser trust, protects traffic, and is now expected for most modern websites, forms, and public services.
Frequently Asked Questions
Is Let’s Encrypt free on CentOS?
Yes. Let’s Encrypt provides free SSL certificates that you can install on a CentOS server.
Do I need a domain before using Let’s Encrypt?
Yes. Your domain should already point to the correct server so the validation process can complete successfully.
Can I use Let’s Encrypt with both Nginx and Apache?
Yes. Certbot supports both, and you should install the plugin that matches your web server.
How do I check whether renewal works?
You can run the Certbot dry-run renewal command to confirm that automatic renewal is working correctly.