Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let’s Encrypt SSL on AlmaLinux 9. So, let’s get started.
Checkout the Let’s Encrypt SSL Project Here.
Pre-requisites :
- A system with AlmaLinux 9 installed and running.
root
access to the system.- LAMP Stack installed and running, for this, you can refer to one of our guides on installing the LAMP Stack (Apache, MariaDB, and PHP).
Once you’re all set, we’ll proceed with Let’s Encrypt SSL installation and configuration.
Install snapd
dnf install snapd
Update the Snap with the below commands,
snap install core
snap refresh core
Run the below commands to start and enable the Snap upon boot.
systemctl start snapd.socket
systemctl enable snapd.socket
To check status
systemctl status snapd.socket
Enable the classic snap support by creating a symbolic link from /var/lib/snapd/snap
to /snap
with the command below:
ln -s /var/lib/snapd/snap /snap
Install Certbot using Snap
We will install Certbot
using the Snap
package. For this, we need the Snap installed with the below command:
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
Configuring Apache vHost
Create a new apache configuration file blog.domainhere.info.conf
for the domain with the following command:
nano /etc/httpd/conf.d/blog.domainhere.info.conf
Add the following codes:
<VirtualHost *:80>
ServerName blog.domainhere.info
ServerAlias blog.domainhere.info
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/blog.domainhere.info-error.log
CustomLog /var/log/httpd/blog.domainhere.info-access.log combined
</VirtualHost>
Change blog.domainhere.info with
Your Domain Name
.
Now, restart & check the apache with the following commands:
systemctl restart httpd
systemctl status httpd
Enable Firewall:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Generating Let’s Encrypt SSL
Generate Let’s Encrypt SSL with the following command.
dnf install mod_ssl
or
snap certbot --apache
Output:
[root@server ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): username@mail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for blog.domainhere.info
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.domainhere.info/fullchain.pem
Key is saved at: /etc/letsencrypt/live/blog.domainhere.info/privkey.pem
This certificate expires on 2022-08-23.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for blog.domainhere.info to /etc/httpd/conf.d/blog.domainhere.info-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://blog.domainhere.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@server ~]#
Now, navigate to your browser and load your website with https
,
You can notice a lock icon suggesting that your connection between the browser and the server is encrypted.
Now you have successfully installed Let’s Encrypt SSL with LAMP Stack on AlmaLinux 9.