How to Set Up a Let's Encrypt SSL Certificate with Apache on Rocky Linux 8

Let's Encrypt is a non-profit certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install a Let's Encrypt SSL certificate on Rocky Linux 8. So, let's get started.

Pre-requisites:

Install EPEL Repo

To install some of the packages used later in this article, we need the EPEL repository installed.

dnf install epel-release mod_ssl

Output:

[root@vps ~]# dnf install epel-release mod_ssl
Last metadata expiration check: 1:47:07 ago on Tue 22 Nov 2022 06:42:22 PM UTC.
Dependencies resolved.
================================================================================
 Package          Arch   Version                                Repo       Size
================================================================================
Installing:
 epel-release     noarch 8-18.el8                               extras     24 k
 mod_ssl          x86_64 1:2.4.37-51.module+el8.7.0+1059+126e9251
                                                                appstream 138 k
Installing dependencies:
 apr              x86_64 1.6.3-12.el8                           appstream 128 k
 apr-util         x86_64 1.6.1-6.el8.1                          appstream 104 k
 httpd            x86_64 2.4.37-51.module+el8.7.0+1059+126e9251 appstream 1.4 M
 httpd-filesystem noarch 2.4.37-51.module+el8.7.0+1059+126e9251 appstream  41 k
 httpd-tools      x86_64 2.4.37-51.module+el8.7.0+1059+126e9251 appstream 108 k
 mailcap          noarch 2.1.48-3.el8                           baseos     38 k
 mod_http2        x86_64 1.15.7-5.module+el8.6.0+823+f143cee1   appstream 153 k
 rocky-logos-httpd
                  noarch 86.3-1.el8                             baseos     24 k
 sscg             x86_64 3.0.0-5.el8                            appstream  50 k
Installing weak dependencies:
 apr-util-bdb     x86_64 1.6.1-6.el8.1                          appstream  23 k
 apr-util-openssl x86_64 1.6.1-6.el8.1                          appstream  26 k
Enabling module streams:
 httpd                   2.4

Next, install Certbot on Rocky Linux:

dnf install certbot python3-certbot-apache

Configuring Apache vHost

If you already have a vHost configuration, then you do not need to create one. (Skip to next step)

In case you do not have a vHost, you can follow the steps below for a simple configuration.

In this article we are using blog.domainhere.info as an example domain. You would need to replace this with your actual domain name.

Create a new Apache configuration file, blog.domainhere.info.conf, for the domain with the following command:

nano /etc/httpd/conf.d/blog.domainhere.info.conf

Add the following configuration:

  <VirtualHost *:80>
  ServerName blog.domainhere.info
  ServerAlias blog.domainhere.info
  DocumentRoot /var/www/html

  <Directory /var/www/html/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/blog.domainhere.info-error.log
  CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
  </VirtualHost>

Replace blog.domainhere.info with your domain name.

Now, restart Apache and check its status with the following commands:

systemctl restart httpd

systemctl status httpd

Allow HTTP and HTTPS through the firewall:

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

Generating Let's Encrypt SSL

Generate Let's Encrypt SSL with the following command.

certbot --apache

Output:

[root@vps ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for blog.domainhere.info

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.domainhere.info/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/blog.domainhere.info/privkey.pem
This certificate expires on 2023-02-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for blog.domainhere.info to /etc/httpd/conf.d/blog.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://blog.domainhere.info

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now open your browser and load your website over HTTPS:

(https://your.domainname.com)

You should see a lock icon indicating that the connection between the browser and the server is encrypted.
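The lock icon only confirms the connection at this moment. The following script is an added example, not part of the original article: it checks the two files certbot reported saving for remaining validity, a matching key pair, and private key permissions. The function names and the CERT_DIR variable are assumptions made for this example, and it needs openssl and GNU stat; with CERT_DIR unset it runs against a constructed throwaway self-signed certificate.

```shell
# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if private key $2 holds the same public key as the leaf cert in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the key file (symlinks followed) grants nothing to group/others.
key_is_private() {
    perms=$(stat -L -c '%a' "$1") || return 2
    case "$perms" in *00) return 0 ;; *) return 1 ;; esac
}

# audit_cert <dir with fullchain.pem and privkey.pem> <minimum days left>
audit_cert() {
    dir=$1; min_days=$2; rc=0
    cert="$dir/fullchain.pem"; key="$dir/privkey.pem"
    cert_valid_for_days "$cert" "$min_days" ||
        { echo "FAIL: $cert expires within $min_days days"; rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir ($(openssl x509 -in "$cert" -noout -enddate))"
    fi
    return "$rc"
}

# Constructed sample: a throwaway self-signed pair, not a Let's Encrypt cert.
make_sample() {   # make_sample <dir> <days valid>
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=blog.domainhere.info" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null &&
        chmod 600 "$1/privkey.pem"
}

# On the server: CERT_DIR=/etc/letsencrypt/live/blog.domainhere.info sh <script>
if [ -n "${CERT_DIR:-}" ]; then
    audit_cert "$CERT_DIR" 30
else
    tmp=$(mktemp -d) && make_sample "$tmp" 90 && audit_cert "$tmp" 30
    rm -rf "$tmp"
fi
```

Running `certbot renew --dry-run` exercises the renewal path itself without replacing the certificate.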

You have now successfully installed a Let's Encrypt SSL certificate with Apache on Rocky Linux 8.