How to Setup Let's Encrypt SSL Certificate with Apache on Rocky Linux 8
Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let's Encrypt SSL on Rocky Linux 8. So, let’s get started.
Pre-requisites:
root
access to the server.Apache
web server installed and running. You can refer our LAMP (Apache, MariaDB and PHP) Stack installation.
Install EPEL Repo
For installing some of the packages later in this articel, we will need Epel repo installed.
dnf install epel-release mod_ssl
Output:
[root@vps ~]# dnf install epel-release mod_ssl
Last metadata expiration check: 1:47:07 ago on Tue 22 Nov 2022 06:42:22 PM UTC.
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
epel-release noarch 8-18.el8 extras 24 k
mod_ssl x86_64 1:2.4.37-51.module+el8.7.0+1059+126e9251
appstream 138 k
Installing dependencies:
apr x86_64 1.6.3-12.el8 appstream 128 k
apr-util x86_64 1.6.1-6.el8.1 appstream 104 k
httpd x86_64 2.4.37-51.module+el8.7.0+1059+126e9251 appstream 1.4 M
httpd-filesystem noarch 2.4.37-51.module+el8.7.0+1059+126e9251 appstream 41 k
httpd-tools x86_64 2.4.37-51.module+el8.7.0+1059+126e9251 appstream 108 k
mailcap noarch 2.1.48-3.el8 baseos 38 k
mod_http2 x86_64 1.15.7-5.module+el8.6.0+823+f143cee1 appstream 153 k
rocky-logos-httpd
noarch 86.3-1.el8 baseos 24 k
sscg x86_64 3.0.0-5.el8 appstream 50 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8.1 appstream 23 k
apr-util-openssl x86_64 1.6.1-6.el8.1 appstream 26 k
Enabling module streams:
httpd 2.4
Next,install Certbot in Rocky Linux
dnf install certbot python3-certbot-apache
Configuring Apache vHost
If you already have a vHost configuration, then you do not need to create one. (Skip to next step)
Incase you do not have any vHost, you may follow the below steps for a simple configuration.
In this article we are using
blog.domainhere.info
as an example domain. You would need to replace this with your actual domain name.
Create a new apache configuration file blog.domainhere.info.conf
for the domain with the following command:
nano /etc/httpd/conf.d/blog.domainhere.info.conf
Add the following codes:
<VirtualHost *:80>
ServerName blog.domainhere.info
ServerAlias blog.domainhere.info
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/blog.domainhere.info-error.log
CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
</VirtualHost>
Change blog.domainhere.info with Your Domain Name
.
Now, restart & check the apache with the following commands:
systemctl restart httpd
systemctl status httpd
Enable Firewall:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Generating Let's Encrypt SSL
Generate Let's Encrypt SSL with the following command.
certbot --apache
Output:
[root@vps ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for blog.domainhere.info
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.domainhere.info/fullchain.pem
Key is saved at: /etc/letsencrypt/live/blog.domainhere.info/privkey.pem
This certificate expires on 2023-02-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for blog.domainhere.info to /etc/httpd/conf.d/blog.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now, navigate to your browser and load your website with https
,
You can notice a lock icon suggesting that your connection between the browser and the server is encrypted.
Now you have successfully installed LetsEncrypt SSL Certificate with Apache on Rocky Linux 8.
CrownCloud - Get a SSD powered KVM VPS at $4.5/month!
Use the code WELCOME
for 10% off!
1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month
Available Locations: LAX | MIA | ATL | FRA | AMS