How to Install Let's Encrypt SSL with LAMP Stack on Rocky Linux 9

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let's Encrypt SSL on Rocky Linux 9. So, let’s get started.

Checkout the Let's Encrypt SSL Project Here.

Get started with $5 VPS from CrownCloud. Check our latest offers : CrownCloud VPS [ 24x7 In-House Customer Support ]

Pre-requisites :

  • A system with Rocky Linux 9 installed and running.

  • root access to the system.

  • A domain with appropriate DNS records set (usually an "A" record with a value of the server's IP address).

  • LAMP Stack installed and running, for this, you can refer to one of our guides on installing the LAMP Stack (Apache, MariaDB, and PHP).

Once you're all set, we'll proceed with Let's Encrypt SSL installation and configuration.

Install snapd

We will install the snapd tool for installing and setting up the snaps. Run the below command,

dnf install snapd

Update the Snap with the below commands,

snap install core
snap refresh core

Run the below commands to start and enable the Snap upon boot.

systemctl start snapd.socket

systemctl enable snapd.socket

To check status

systemctl status snapd.socket

Enable the classic snap support by creating a symbolic link from /var/lib/snapd/snap to /snap with the command below:

ln -s /var/lib/snapd/snap /snap

Install Certbot using Snap

We will install Certbot using the Snap package. For this, we need the Snap installed with the below command:

snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

Configuring Apache vHost

Create a new apache configuration file blog.domainhere.info.conf for the domain with the following command:

nano /etc/httpd/conf.d/blog.domainhere.info.conf

Add the following codes:

  <VirtualHost *:80>
  ServerName blog.domainhere.info
  ServerAlias blog.domainhere.info
  DocumentRoot /var/www/html

  <Directory /var/www/html/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/blog.domainhere.info-error.log
  CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
  </VirtualHost>

Change blog.domainhere.info with Your Domain Name.

Now, restart & check the apache with the following commands:

systemctl restart httpd

systemctl status httpd

Enable Firewall:

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

Generating Let's Encrypt SSL

Generate Let's Encrypt SSL with the following command.

dnf install mod_ssl

certbot --apache

Output:

[root@server ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): username@mail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for blog.domainhere.info

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.domainhere.info/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/blog.domainhere.info/privkey.pem
This certificate expires on 2022-08-23.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for blog.domainhere.info to /etc/httpd/conf.d/blog.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://blog.domainhere.info

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@server ~]#

Now, navigate to your browser and load your website with https,

(https://your.domainname.com)

You can notice a lock icon suggesting that your connection between the browser and the server is encrypted.

Now you have successfully installed Let's Encrypt SSL with LAMP Stack on Rocky Linux 9.