How to Setup Let's Encrypt SSL Certificate with Apache on AlmaLinux 9

---

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let's Encrypt SSL on AlmaLinux 9. So, let’s get started.

Pre-requisites:

---

• root user access to the server.
• Apache Web server installed and running. You may also refer to our LAMP (Apache, MariaDB and PHP) Stack article for installation.

Install EPEL Repo

---

For installing some of the packages later in this articel, we will need Epel repo installed.

dnf install epel-release mod_ssl

Next, install Certbot in AlmaLinux

 dnf install certbot python3-certbot-apache 

Configuring Apache vHost

---

If you already have a vHost configuration, then you do not need to create one. (Skip to next step)

Incase you do not have any vHost, you may follow the below steps for a simple configuration.

In this article we are using blog.domainhere.info as an example domain. You would need to replace this with your actual domain name.

Create a new apache configuration file blog.domainhere.info.conf for the domain with the following command:

nano /etc/httpd/conf.d/blog.domainhere.info.conf

Add the following codes:

  <VirtualHost *:80>
  ServerName blog.domainhere.info
  ServerAlias blog.domainhere.info
  DocumentRoot /var/www/html

  <Directory /var/www/html/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/blog.domainhere.info-error.log
  CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
  </VirtualHost>

Change blog.domainhere.info with Your Domain Name.

Now, restart & check the apache with the following commands:

systemctl restart httpd

systemctl status httpd

Enable Firewall:

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

Generating Let's Encrypt SSL

---

Generate Let's Encrypt SSL with the following command.

certbot --apache

Output:

[root@vps ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for blog.domainhere.info

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.domainhere.info/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/blog.domainhere.info/privkey.pem
This certificate expires on 2023-02-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for blog.domainhere.info to /etc/httpd/conf.d/blog.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://blog.domainhere.info

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now, navigate to your browser and load your website with https,

(https://your.domainname.com)

You can notice a lock icon suggesting that your connection between the browser and the server is encrypted.

Now you have successfully installed Let's Encrypt SSL Certificate with Apache on AlmaLinux 9.