How to Secure Apache with Let's Encrypt on CentOS Stream

Step-by-step instructions on how to secure the Apache web server using Let's Encrypt.

What is Let's Encrypt and how does it improve security?

Let's Inscript issues SSL/TLS certificates. This allows you to significantly increase security, because traffic is encrypted with HTTPS (protection against loss of login, password and other secret data, which is especially important when connecting to open public networks).

To secure Apache using Let's Encrypt tools, you must first:

connect CentOS Stream and install Apatch;

run on Apache wirth. the host that domen will connect to;

configure on the brandmaeur server;

open ports for working with http and https (these are 80 and 443 respectively).

All commands are executed on behalf of a user who has sudo rights, but is not a root.

Step-by-step instructions on how to secure Apache with Let's Encrypt

1. Install Certbot in order to automate all issues of obtaining security certificates from the certifying center and/or renewing them. To install, we need snap packages, so we put snapd. The command is $sudo dnf install snapd.

2. Launch the snapd service, which will work with snap packages. To save time in the future, we add the service to the startup.

3. Restart the server and make sure that all packages work correctly. If they are in order, install the Apache module with the command $ sudo dnf install mod_ssl.

4. Install Certbot using the command $ sudo snap install --classic certbot. To start, we make a symlink $ sudo ln -s /snap/bin/certbot /usr/bin/certbot.

5. Create a certificate for CentOS Stream using a Certbot. The system asks you to answer questions and enter an email address. When you have done this, specify the domen for which you want to create a SAT. This is done using the command $sudo certbot --apache.

The instruction is completed. Nothing complicated. Now you know how to properly secure Apache with Let's Encrypt.