Setup HTTPS Using Apache On CentOS 7

2 minute read


After converting from NoIP to buying a domain and hosting it on CloudFlare, I was finally ready to get SSL configured for my site (CentOS 7, Apache, WordPress, using Let’s Encrypt SSL certificate). I followed these steps:

To Resolve:

  1. First, before I even began, I had to rename my machine. Before it was a custom name schema I use on my internal network, but I had to change in order for CloudFlare to point to my host specifically:

    • To set the hostname on CentOS 7:
    sudo hostname
    sudo vim /etc/hosts #change it there next to the and the ::1
    sudo vim /etc/sysconfig/network # set it like
    # Now just check your hostname
  2. Now to begin, we edit our Apache config file:

    vim /etc/httpd/conf/httpd.conf
    # Add the given line to the last line of configuration file
    IncludeOptional setup/*.conf
  3. Now we create the file:

    sudo mkdir /etc/httpd/setup
    sudo vim /etc/httpd/setup/
    # Add the following:
    <VirtualHost *:80>
    DocumentRoot /var/www/
    # Restart apache: 
    sudo systemctl httpd restart
  4. Now we get Let’s Encrypt:

    sudo wget # Enable the EPEL Repository
    sudo rpm -ivh epel-release-latest-7.noarch.rpm
    sudo yum install git python-pip # install prereq's
    sudo git clone # clone the Let’s Encrypt source code from Github
    cd ~
  5. Before continuing, we need to get a few things ready:

    • Open port 443 on your router and forward it to your CentOS VM.
    • Open ports 80/443 on your firewall (you can disable 80 later if you want – depends on what you select later)
  6. OK, let’s get back on track, navigate to your Let’s Encrypt directory (for me that’s /home/gerry/letsencrypt)

    cd letsencrypt/
    sudo ./letsencrypt-auto --apache -d --verbose
    • Follow the wizard to create an email, accept the TOS, and continue through until you get the congratulations screen. Somewhere in there it asks if you want to allow HTTP and HTTPS and I chose the second option to force HTTPS. For me, I got numerous errors because my hostname was and CloudFlare wasn’t pointing at my VM as the root, but the “www”, so I had to go back to step one and rename my host and all the files to include the “www”. I’m sure I’m missing something, but I’m not ashamed to say I’m a Linux noob 🙂
  7. Now we go back to that setup directory and add the port 443 info:

    sudo vim /etc/httpd/setup/
    # Add the following:
    <VirtualHost *:443>
    DocumentRoot /var/www/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/
    SSLCertificateChainFile /etc/letsencrypt/live/
    # Save and exit
  8. Now we need to add the SSL certs to the Apache SSL File (feel free to skip this step as I guess Let’s Encrypt did this for me automatically)

    sudo vim /etc/httpd/conf.d/ssl.conf
    # Replace SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to point to the locations in step 8.
  9. Check the virtual host that Let’s Encrypt created (Just look for anything wrong):

    sudo cat /etc/httpd/conf.d/
  10. At this point, you just restart httpd and you have SSL!

  11. The SSL Cert by Let’s Encrypt is good for 90 days. You need to renew by running ./letsencrypt-auto renew. You can see what it’s listening to by running grep -ir "^listen" /etc/httpd/*

  12. Alternatively:

   # To renew one time manually:
   sudo certbot renew

   # Setup auto renewal
   sudo crontab -e

   # Type:
   30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
  1. Lastly, it is best practice to check your SSL configuration by visiting