How to Install Let's Encrypt SSL with LAMP Stack on Rocky Linux 10
Letβs Encrypt is a free, automated, and open certificate authority (CA) that provides TLS/SSL certificates to enable HTTPS on websites. It's a secure and easy method to protect your web traffic without any cost.
This guide explains how to install and configure Let's Encrypt SSL certificates using Certbot with the Apache web server (LAMP stack) on Rocky Linux 10.
Prerequisites
Before starting, ensure that the LAMP stack (Linux, Apache, MariaDB, PHP) is installed and working properly on your Rocky Linux 10 server.
π Follow this guide to install LAMP Stack on Rocky Linux 10
Install Snapd
Certbot recommends installation via Snap. Install Snapd using the following.
dnf install snapd -y
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snapVerify the installation,
snap versionOutput:
[root@vps ~]# snap version
snap 2.67-0.el10_0
snapd 2.67-0.el10_0
series 16
rocky 10.0
kernel 6.12.0-55.14.1.el10_0.x86_64 Install Certbot via Snap
Certbot is the official Let's Encrypt client that automates certificate issuance and renewal.
snap install core
snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot Create Apache Virtual Host Configuration
Create your domain configuration under Apache. For example:
nano /etc/httpd/conf.d/dev.domainhere.info.confAdd below content to the file,
<VirtualHost *:80>
ServerName blog.domainhere.info
ServerAlias blog.domainhere.info
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/blog.domainhere.info-error.log
CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
</VirtualHost>Note: Replace dev.domainhere.info with actual domain name
After saving the config, restart Apache.
systemctl restart httpd
systemctl status httpdOutput:
[root@vps ~]# systemctl status httpd
β httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
ββphp-fpm.conf
Active: active (running) since Fri 2025-06-27 13:21:46 UTC; 22min ago
Invocation: 4b26f7eeb10446c294d1b096ce8b3705
Docs: man:httpd.service(8)
Main PID: 22973 (httpd)
Status: "Total requests: 83; Idle/Busy workers 100/0;Requests/sec: 0.0631; Bytes served/sec: 213 B/sec"
Tasks: 230 (limit: 23187)
Memory: 26.8M (peak: 27.4M)
CPU: 1.291s
CGroup: /system.slice/httpd.service
ββ22973 /usr/sbin/httpd -DFOREGROUND
ββ23723 /usr/sbin/httpd -DFOREGROUND
ββ23724 /usr/sbin/httpd -DFOREGROUND
ββ23725 /usr/sbin/httpd -DFOREGROUND
ββ23750 /usr/sbin/httpd -DFOREGROUND Obtain and Install Let's Encrypt SSL Certificate
Use Certbot to obtain and configure SSL certificate for Apache.
certbot --apacheFollow the interactive prompts to:
-
Select the domain.
-
Redirect HTTP to HTTPS (optional but recommended).
- Confirm installation.
Output:
[root@vps ~]# certbot --apache
Enter email address or hit Enter to skip.
(Enter 'c' to cancel): admin@test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: dev.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for dev.domainhere.info
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/dev.domainhere.info/fullchain.pem
Key is saved at: /etc/letsencrypt/live/dev.domainhere.info/privkey.pem
This certificate expires on 2025-09-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for dev.domainhere.info to /etc/httpd/conf.d/dev.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://dev.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -After the setup is complete, open your domain in a browser (e.g., https://dev.domainhere.info) to confirm that the SSL certificate is active and the site is loading over HTTPS.
Conclusion
You've successfully installed Let's Encrypt SSL on your Rocky Linux 10 server with Apache using Certbot. Your website should now be accessible securely via HTTPS.
CrownCloud - Get a SSD powered KVM VPS at $4.5/month!
Use the code WELCOME for 10% off!
1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month
Available Locations: LAX | MIA | ATL | FRA | AMS