Get Let's Encrypt certificate on CentOS 7


Everything you need is done by certbot, so the first step is to install it:

yum install certbot

Now you can obtain the certificate. Assume your domain is samblog.com and your contact email is info@samblog.com. Request the SSL certificate with the following command:

certbot certonly \
    --manual \
    --preferred-challenges=dns \
    --email info@samblog.com \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    -d samblog.com

If you need a wildcard SSL certificate, add -d '*.samblog.com' as an additional parameter. Quote the name so that the shell passes the asterisk to certbot unchanged instead of expanding it against files in the current directory:

certbot certonly \
    --manual \
    --preferred-challenges=dns \
    --email info@samblog.com \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    -d samblog.com \
    -d '*.samblog.com'

Agree to have your server's IP logged:

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?

Next, you will be prompted to create a DNS TXT record for your domain:

Please deploy a DNS TXT record under the name
_acme-challenge.samblog.com with the following value:

j9fLDhjWEop28gwp_Sij8fiWijbpW83nSj299lfWhbo

Before continuing, verify the record is deployed.

Go to your domain registrar account and add this TXT record. After that, wait until the record becomes visible. You can look up your DNS records with a DNS lookup tool.

If you asked for a wildcard or multi-domain certificate, you will be prompted to add a DNS TXT record for each -d option.

When the DNS TXT record(s) become visible, press Enter to complete the procedure.
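Before pressing Enter, you can confirm that every authoritative nameserver already serves the challenge value(s). The script below is an added example, not part of the original page; it assumes dig (package bind-utils) is installed and that the domain passed in is the zone apex, and its function names are made up for illustration. For samblog.com plus *.samblog.com both values live under the same name, _acme-challenge.samblog.com, so both must be present at the same time.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Assumes dig from bind-utils.

# txt_has_value VALUE DIG_OUTPUT
# True if DIG_OUTPUT, as printed by `dig +short TXT`, contains VALUE as a
# complete TXT string. dig prints one double-quoted record per line.
txt_has_value() {
    local want="$1" answers="$2"
    printf '%s\n' "$answers" | tr -d '"' | grep -Fxq -- "$want"
}

# check_challenge DOMAIN VALUE [VALUE...]
# Asks each authoritative nameserver of DOMAIN directly, so a cached answer
# from a resolver cannot hide a nameserver that lacks the record.
check_challenge() {
    local domain="$1" name ns answers value seen=0 rc=0
    shift
    name="_acme-challenge.${domain}"
    for ns in $(dig +short NS "$domain"); do
        seen=1
        answers=$(dig +short TXT "$name" "@${ns}")
        for value in "$@"; do
            if txt_has_value "$value" "$answers"; then
                echo "ok       ${ns}  ${value}"
            else
                echo "MISSING  ${ns}  ${value}"
                rc=1
            fi
        done
    done
    # No nameservers found means nothing was checked: treat as failure.
    [ "$seen" -eq 1 ] || { echo "no NS records for ${domain}" >&2; rc=1; }
    return "$rc"
}

# Run only when called with a domain and at least one value, e.g.
#   ./check-challenge.sh samblog.com j9fLDhjWEop28gwp_Sij8fiWijbpW83nSj299lfWhbo
if [ "$#" -ge 2 ]; then
    check_challenge "$@"
fi
```

A non-zero exit status means at least one nameserver is missing at least one value; wait and run it again before continuing in certbot.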

You will find your certificate and private key files at /etc/letsencrypt/live/samblog.com
