Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. In this article, we are going to learn how to install Let’s Encrypt SSL on AlmaLinux 8. So, let’s get started.
Checkout the Let’s Encrypt SSL Project Here.
Pre-requisites :
- A system with AlmaLinux 8 installed and running.
root
access to the system.- LEMP Stack installed and running, for this, you can refer to one of our guides on installing the LEMP Stack (Nginx, MariaDB, and PHP).
Once you’re all set, we’ll proceed with Let’s Encrypt SSL installation and configuration.
Install Let’s Encrypt SSL Certificate
Install EPEL repository by running the following command.
dnf install epel-release
dnf upgrade
Output:
[root@vps]# dnf upgrade -y
error: rpmdb: BDB0113 Thread/process 64298/140349192715136 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 - (-30973)
error: cannot open Packages database in /var/lib/rpm
Error: Error: rpmdb open failed
[1]+ Killed dnf upgrade -y
[root@vps conf.d]#
Then, Follow the below steps,
mkdir /var/lib/rpm/backup
cp -a /var/lib/rpm/__db* /var/lib/rpm/backup/
rm -f /var/lib/rpm/__db.[0-9][0-9]*
rpm --quiet -qa
rpm --rebuilddb
yum clean all
dnf upgrade
Install snapd by running the following command.
yum install snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap
Next, Install Certbot by running the following command.
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
Enable Firewall:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Install SSL Certificate.
Use the certbot command to issue a Let’s Encrypt certificate. Replace dev1.domainhere.info
and dev@dev1.domainhere.info
with your domain name and email :
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email dev@dev1.domainhere.info -d dev1.domainhere.info
SSL certificates are valid for 90 days. The renewal process is now automated, you do not have to renew this manually.
Restart Nginx
Restart apache to avoid getting error messages.
systemctl restart nginx
Now you have successfully installed Let’s Encrypt SSL with LEMP Stack on AlmaLinux 8.