
How to secure Apache with Let's Encrypt on CentOS Stream

14.12.2022, 13:03

Step-by-step instructions on how to secure your Apache web server using Let's Encrypt.

What is Let's Encrypt and how does it improve security?

Let's Encrypt is a certificate authority that issues SSL/TLS certificates. Installing one significantly increases security because the site is served over HTTPS and the traffic is encrypted. This protects logins, passwords and other sensitive data from interception, which is especially important when connecting over open public networks.

In order to secure Apache using Let's Encrypt tools, you must first:

  • connect to the CentOS Stream server and install Apache;
  • set up a virtual host on Apache for the domain that will point to it;
  • configure firewall on the server;
  • open ports for http and https (these are 80 and 443 respectively).

All commands are executed as a user who has sudo privileges but is not root.

Step-by-step instructions on how to secure Apache with Let's Encrypt

1. Certbot automates obtaining security certificates from the certificate authority and renewing them. It is installed as a snap package, so install snapd first:

$ sudo dnf install snapd

2. Start the snapd service, which manages snap packages. To save time in the future, enable the service so that it starts at boot.

3. Reboot the server and make sure that all packages work correctly. If they are in order, install the mod_ssl module for Apache with the command:

$ sudo dnf install mod_ssl

4. Install Certbot using the command:

$ sudo snap install --classic certbot

Make a symlink so that it can be run as certbot:

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

5. Create a certificate on CentOS Stream using Certbot. Certbot asks you to answer a few questions and enter your e-mail address. When done, specify the domain for which the certificate needs to be created. This is done using the command:

$ sudo certbot --apache
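Once step 5 has finished, the setup can be checked with a few read-only commands. The script below is an added example, not part of the original instructions; it assumes firewalld is the firewall and snapd.socket is the snapd unit, and its function names, the 30-day threshold and the sample output are constructed for illustration.

```bash
# Added example: read-only checks to run after the steps above.
# Assumptions: firewalld is the firewall, snapd.socket is the snapd unit,
# and 30 days is the alert threshold. Function names are this example's own.

# Print each of http/https missing from `firewall-cmd --list-services` output.
missing_fw_services() {
  for svc in http https; do
    case " $1 " in *" $svc "*) ;; *) echo "$svc" ;; esac
  done
}

# Read `certbot certificates` output on stdin; print the name of every
# certificate that is marked INVALID or has fewer than $1 valid days left.
certs_needing_attention() {
  awk -v min="$1" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if ($0 ~ /INVALID/) { print name; next }
      if (match($0, /VALID: [0-9]+ day/) &&
          substr($0, RSTART + 7, RLENGTH - 11) + 0 < min) print name
    }'
}

# Constructed sample of `certbot certificates` output (not from a real host).
SAMPLE_CERTS='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2023-03-14 13:03:00+00:00 (VALID: 89 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2023-01-02 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: dead.example.com
    Domains: dead.example.com
    Expiry Date: 2022-11-01 10:00:00+00:00 (INVALID: EXPIRED)'

live_checks() {
  miss=$(missing_fw_services "$(sudo firewall-cmd --list-services)")
  [ -z "$miss" ] || echo "firewalld does not allow:" $miss
  systemctl is-enabled --quiet snapd.socket || echo "snapd.socket not enabled at boot"
  sudo certbot certificates 2>/dev/null | certs_needing_attention 30
  sudo certbot renew --dry-run   # tests renewal; installed certificates are left alone
}

if [ "${1:-}" = "--live" ]; then
  live_checks
else
  printf '%s\n' "$SAMPLE_CERTS" | certs_needing_attention 30   # offline demo
fi
```

Run it with --live on the server; without arguments it only parses the constructed sample.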

The instruction is complete. Nothing complicated. Now you know how to properly secure Apache with Let's Encrypt.