Apache run external program with SELinux enabled

This is helpful when you don't want to disable Selinux and need to run external program like wkhtmltopdf via apache on selinux enabled. Run the following commands from the terminal. (This has been tested in CentOS 7)

Allow Execution

setsebool httpd_execmem on

Change a dirs security context if the program writes to a file

chcon -R -t httpd_sys_rw_content_t dir
apache selinux

Apache let's encrypt centos

Create needed directories

cd /etc/httpd
mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled


IncludeOptional sites-enabled/*.conf

To vim /etc/httpd/conf/httpd.conf

Create vhost

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/apache/example.com/error.log

Enable vhost

Apache let's encrypt on ubuntu 16.04

Update and install the Let's Encrypt client


sudo apt-get update
sudo apt-get install letsencrypt python-letsencrypt-apache

Invoke letsencrypt

sudo letsencrypt --apache -d <DOMAIN HERE>

Automate the renewal process

sudo letsencrypt renew renews all the domains on the server secured with Let's Encrypt as long as there are less than 30 days remaining until the certificate expires. We can automate the renewal process via cron.

Editing crontab:

QR Code for https://setupexample.com/tags/apache