Let’s Encrypt your Apache webserver on CentOS 7


Introduction

In September, with a post on its blog, Google announced that starting with Chrome 56, its browser would mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar.
It’s important to note that we are talking about all HTTP pages collecting users’ “critical” data.
This move is part of a long-term plan to mark all HTTP sites as non-secure. So, if you own (or manage) a web server, you need to make the right move: this article will explain just what that means.

Why HTTPS?

The first question is: why is Google doing this? What are the concerns around HTTP, and why, today, is it a good choice to secure connections?
Of course, everybody knows that secure is better than insecure; but in this case, the big problem with HTTP is that it has no mechanism for protecting communications between clients and servers. This exposes data to different kinds of attacks, for instance the “man in the middle” (MITM) attack, in which the attacker intercepts your data. If you are making a transaction with your bank, entering credit card information, or just entering a password to log in to a web site, this can become very dangerous.
This is why HTTPS exists (HTTP over TLS, or, HTTP over SSL, or, HTTP Secure).
If you are on Unixmen, you probably know what this means: SSL/TLS ensures encrypted connections.
So, if your job is to keep a web server up and running, you should switch to HTTPS.

Getting started with HTTPS

First off, to enable HTTPS on your site, you need a certificate, which you obtain from a Certificate Authority (CA). This tutorial uses Let’s Encrypt as the CA and configures an Apache web server running on CentOS 7.
To get a certificate, you must demonstrate control over the domain you want to secure. You can accomplish this with software that uses the ACME protocol.
We will suppose that you have shell access to your server; in other words, that you can connect through SSH.

Using Certbot

Certbot is a powerful, yet easy to use, ACME client that the EFF provides.
On CentOS 7, Certbot is available from the EPEL repository; once EPEL is enabled, just install what you need:

# yum install python-certbot-apache

It has a solid Apache plugin, and it automates almost all of the required steps. Just run the command as root:

# certbot --apache

After that, an interactive guide walks you through your options.
Enter the domain you want to secure; then, Certbot will prompt you to enter your email address.
Next, you will choose the Virtual Host file, the default being ssl.conf.
After that, you can decide whether to enable both http and https access or redirect to https. The secure option is the second one (https). At the end of the procedure, Certbot will display a message containing configuration information.

Edit CentOS SSL configuration

If you want to add more security, you have to make some changes.
First, edit the Virtual Host file you specified during configuration through Certbot. If you used the default one, the file should be /etc/httpd/conf.d/ssl.conf.
There, to secure Apache SSL, we can follow this recommendation, which, for our example, is:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off 
SSLUseStapling on 
SSLStaplingCache "shmcb:logs/stapling-cache(150000)" 
# Requires Apache >= 2.4.11
SSLSessionTickets Off

Keep in mind that these settings can cause compatibility problems with old clients, so it’s up to you whether to apply the previous lines as suggested or choose another route.
When you’re finished, save and close the file.

Testing and executing your new configuration

This is the easiest task. Check for syntax errors, running:

# apachectl configtest

If the output is Syntax OK, it means that you have not made mistakes in editing the configuration file.
So, it’s time to restart Apache:

# systemctl restart httpd

Now, if everything went well, your web server will start to serve pages through SSL connections.
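
apachectl configtest only validates syntax; it does not tell you whether the hardening directives from the previous section are still present and uncommented. The shell functions below are an added example, not part of the original article or of Apache or Certbot, that scan one config file for those directives; the function names and the finding labels (MISSING, WEAK, CHECK) are invented for this illustration.

```shell
#!/bin/sh
# Added example: check a TLS config file for the directives listed above.

# Print the arguments of the last uncommented occurrence of directive $2 in
# file $1 (Apache directive names are case-insensitive).
directive_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ /, ""); val = $0 }
        END { print val }' "$1"
}

# Succeed if file $1 has an uncommented "Header ... set $2 ..." line.
has_header() {
    awk -v h="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "header" {
            for (i = 2; i < NF; i++)
                if (tolower($i) == "set" && tolower($(i + 1)) == tolower(h)) found = 1
        }
        END { exit !found }' "$1"
}

# Print one line per finding; return 1 if anything differs from the list.
audit_tls_conf() {
    f=$1; fail=0
    proto=$(directive_value "$f" SSLProtocol | tr 'A-Z' 'a-z')
    case " $proto " in
        "  ") echo "MISSING SSLProtocol"; fail=1 ;;
        *" -sslv3 "*) ;;                      # SSLv3 explicitly subtracted
        *" all "*|*" sslv3 "*|*" +sslv3 "*)
            echo "WEAK SSLProtocol: SSLv3 still enabled"; fail=1 ;;
    esac
    for pair in SSLHonorCipherOrder:on SSLCompression:off \
                SSLUseStapling:on SSLSessionTickets:off; do
        name=${pair%%:*}; want=${pair##*:}
        got=$(directive_value "$f" "$name" | tr 'A-Z' 'a-z')
        [ "$got" = "$want" ] ||
            { echo "CHECK $name: want $want, got ${got:-unset}"; fail=1; }
    done
    for h in Strict-Transport-Security X-Frame-Options X-Content-Type-Options; do
        has_header "$f" "$h" || { echo "MISSING Header $h"; fail=1; }
    done
    return $fail
}

# Example: sh audit.sh /etc/httpd/conf.d/ssl.conf
[ $# -eq 0 ] || audit_tls_conf "$1"
```

The check reads a single file and does not follow Include directives, so run it against the Virtual Host file you actually edited.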

More about certificates

Let’s Encrypt certificates last for 90 days, so it’s up to you to renew. Using Certbot, you can test the automatic renewal system with this command:

certbot renew --dry-run

If it works, you can add a cron or systemd job to manage automatic renewal.
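
Once a renewal job is scheduled, it is worth checking that it actually keeps the certificates fresh. The script below is an added example, not part of the original article or of Certbot; the cron line in its comment, the 20-day threshold and the function names are assumptions, while /etc/letsencrypt/live is the directory where Certbot keeps the current certificates.

```shell
#!/bin/sh
# Added example: confirm that scheduled renewal keeps certificates fresh.
# Assumed schedule (constructed), e.g. in /etc/cron.d/certbot-renew:
#   17 3,15 * * * root certbot renew --quiet
# By default Certbot renews once fewer than 30 days remain, so a certificate
# with less than MIN_DAYS (assumed: 20) left means renewal is not working.

# cert_days_ok CERT MIN_DAYS
# 0 = still valid MIN_DAYS from now, 1 = expires sooner, 2 = not a certificate.
cert_days_ok() {
    [ -r "$1" ] || return 2
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    openssl x509 -noout -checkend $(($2 * 86400)) -in "$1" >/dev/null 2>&1 ||
        return 1
    return 0
}

# check_renewal LIVE_DIR MIN_DAYS
# Checks LIVE_DIR/<name>/cert.pem for every certificate; prints one line each
# and returns 1 if any certificate needs attention.
check_renewal() {
    status=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        name=$(basename "$(dirname "$cert")")
        rc=0
        cert_days_ok "$cert" "$2" || rc=$?
        case $rc in
            0) echo "OK $name" ;;
            1) echo "RENEWAL-OVERDUE $name"; status=1 ;;
            *) echo "UNREADABLE $name"; status=1 ;;
        esac
    done
    return $status
}

# Example: sh check-renewal.sh /etc/letsencrypt/live 20
[ $# -lt 2 ] || check_renewal "$1" "$2"
```

Run it from your monitoring system or a second cron job and alert on a non-zero exit status.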

Conclusion

If you are at this point, your web server should be serving clients through secure connections.
And, of course, Chrome will no longer mark your site as Not Secure.
