Albeit, it was not meant to be. The official procedure always resulted in a “No package certbot-apache available” error. So I went with a slightly alternate approach:
$ yum install -y epel-release
$ yum install -y certbot-apache
httpd.conf contains something like this:
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot "/var/www/html/"
</VirtualHost>
All you need is to run certbot for the first time. Of course, do try the staging environment first:
$ certbot --apache -d example.com -d www.example.com --staging
This will create a file at /etc/httpd/conf/httpd-le-ssl.conf that will have your SSL configuration. If you prefer to have all your configuration visible together, you can go ahead and copy it back into httpd.conf with the following result:
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot "/var/www/html/"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
Once you are happy with the configuration (remember we are using the staging configuration at this time), you can get a proper production certificate. I personally don’t like my httpd.conf touched, so I like to go with the alternative “webroot” verification. As our staging certificate is fairly new, we need to force renewal.
$ certbot certonly --cert-name example.com --webroot --webroot-path /var/www/html/ --post-hook "apachectl graceful" --force-renew
To keep the certificate up to date, we need to add the following line, which will attempt recertification twice a day (as recommended):
42 7,19 * * * certbot renew --cert-name example.com --webroot --webroot-path /var/www/html/ --post-hook "apachectl graceful"
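A check worth running before the cron entry goes live, as an added example that is not part of the original post: certbot renew reuses the ACME server and plugin recorded in the lineage's renewal file, so this script reads that file and reports whether it still points at staging. The path /etc/letsencrypt/renewal/example.com.conf is certbot's default location and an assumption here, the function names are made up for the example, and the sample file is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): inspect a certbot renewal config.

# Print the value of KEY from the [renewalparams] section of FILE.
renewal_param() {   # usage: renewal_param FILE KEY
    awk -v key="$2" '
        /^\[renewalparams\]/ { in_sec = 1; next }
        /^\[/                { in_sec = 0 }
        in_sec && $1 == key && $2 == "=" { print $3; exit }
    ' "$1"
}

# Classify the ACME server a lineage will renew against.
lineage_kind() {    # usage: lineage_kind FILE
    case "$(renewal_param "$1" server)" in
        *acme-staging*)                         echo staging ;;
        https://acme-v0*.api.letsencrypt.org/*) echo production ;;
        *)                                      echo unknown ;;
    esac
}

# Succeed only if the recorded settings are the production server plus the
# webroot plugin, which is what the cron line above is meant to rely on.
lineage_check() {   # usage: lineage_check FILE
    kind=$(lineage_kind "$1")
    auth=$(renewal_param "$1" authenticator)
    echo "server=$kind authenticator=${auth:-none}"
    [ "$kind" = production ] && [ "$auth" = webroot ]
}

# Constructed, abbreviated sample: the state left behind by the --staging run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = apache
installer = apache
server = https://acme-staging-v02.api.letsencrypt.org/directory
EOF
lineage_check "$sample" || echo "example.com: not ready for scheduled renewal"
rm -f "$sample"

# On the server (assumed default path):
#   lineage_check /etc/letsencrypt/renewal/example.com.conf
```

A browser warning about an untrusted issuer after a scheduled renewal usually means the first line of output still reads server=staging.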
Now you can enjoy your encrypted website in its full glory.