Home » How to Install Let’s Encrypt SSL with LEMP Stack on AlmaLinux 8

How to Install Let’s Encrypt SSL with LEMP Stack on AlmaLinux 8

by tuanlp

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let’s Encrypt SSL on AlmaLinux 8. So, let’s get started.

Checkout the Let’s Encrypt SSL Project Here.

Pre-requisites :

  • A system with AlmaLinux 8 installed and running.
  • root access to the system.
  • LEMP Stack installed and running, for this, you can refer to one of our guides on installing the LEMP Stack (Nginx, MariaDB, and PHP).

Once you’re all set, we’ll proceed with Let’s Encrypt SSL installation and configuration.

Install Let’s Encrypt SSL Certificate

Install EPEL repository by running the following command.

 dnf install epel-release
 dnf upgrade

Output:

[root@vps]#  dnf upgrade -y
error: rpmdb: BDB0113 Thread/process 64298/140349192715136 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 -  (-30973)
error: cannot open Packages database in /var/lib/rpm
Error: Error: rpmdb open failed
[1]+  Killed                  dnf upgrade -y
[root@vps conf.d]#

Then, Follow the below steps,

mkdir /var/lib/rpm/backup
cp -a /var/lib/rpm/__db* /var/lib/rpm/backup/
rm -f /var/lib/rpm/__db.[0-9][0-9]*
rpm --quiet -qa
rpm --rebuilddb
yum clean all

dnf upgrade

Install snapd by running the following command.

 yum install snapd
 systemctl enable --now snapd.socket
 ln -s /var/lib/snapd/snap /snap

Next, Install Certbot by running the following command.

 snap install --classic certbot
 ln -s /snap/bin/certbot /usr/bin/certbot

Enable Firewall:

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

Install SSL Certificate.

Use the certbot command to issue a Let’s Encrypt certificate. Replace dev1.domainhere.info and dev@dev1.domainhere.info with your domain name and email :

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email dev@dev1.domainhere.info -d dev1.domainhere.info

SSL certificates are valid for 90 days. The renewal process is now automated, you do not have to renew this manually.

Restart Nginx

Restart apache to avoid getting error messages.

systemctl restart nginx

Now you have successfully installed Let’s Encrypt SSL with LEMP Stack on AlmaLinux 8.

You may also like