rConfig - SSL for CentOS/RHEL/Rocky

2 mins V7 Pro V6 Core

This guide is intended to provide a general overview of the process using Let’s Encrypt, and you should consult your security team or a security professional to ensure that your SSL configuration is secure and meets your organization’s requirements.

If you are using a reverse proxy, you need to configure the APP_FORCE_HTTPS environment variable to ensure that HTTPS is enforced. Follow these steps to set it up:

Open your .env file:

 vim /var/www/html/rconfig7/current/.env

Add the following line:
Terminal window
```
APP_FORCE_HTTPS=true
```
Save and exit. Press Esc, then type :wq and hit Enter.

Clear the application cache:

php /var/www/html/rconfig7/current/artisan rconfig:clear-all

1. Update the system

As a best practice, ensure that your system is fully updated prior to the installation of any packages:

 yum -y update

2. Install mod_ssl

Install mod_ssl as well as we are going to need it to configure our Let’s Encrypt SSL certificate:

yum -y install mod_ssl

3. Install certbot

To install certbot first we need to make sure we have the EPEL repository enabled, to do that execute the following command:

yum -y install epel-release

Make sure yum-utils is installed:

yum -y install yum-utils

Then install certbot for Apache:

yum -y install certbot-apache

Now that we have certbot installed, run certbot with the following command:

 certbot --apache

Certbot will ask you for the names you would like to activate HTTPS for:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: yourdomainname.com
2: rconfig.yourdomainname.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Press enter to continue and then optionally if you want you can redirect your sites to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If everything goes well you should see the following output:

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://test.com and https://www.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=yourdomainname.com
https://www.ssllabs.com/ssltest/analyze.html?d=rconfig.yourdomainname.com
-------------------------------------------------------------------------------

4. Configure automatic renewal

Now we are going to add a cronjob so our Let’s Encrypt SSL certificates can be renewed automatically.

Execute the following command to edit the crontab:

crontab -e

Let’s Encrypt recommends the automatic renew cronjob to run twice a day, to do that add the following line and then save and exit the crontab:

* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

Now you should have successfully installed and configured Let’s Encrypt with Apache.

Credit: https://linuxhostsupport.com/blog/how-to-install-lets-encrypt-on-centos-7-with-apache/

Lets Encrypt: https://letsencrypt.org/