Install Certbot and apply Let’s Encrypt SSL for your domain in AlmaLinux
Introduction
Hello and welcome to our detailed guide on enhancing your website’s security in AlmaLinux. In this tutorial, we’re going to walk you through the process of installing Certbot and applying a Let’s Encrypt SSL certificate to your domain. This is an essential step in protecting your site’s data and building trust with your visitors by ensuring a secure connection. Whether you are a seasoned server administrator or new to managing web servers, this guide is designed to provide you with clear, step-by-step instructions to make the installation process smooth and hassle-free.
Step 1: Install the latest EPEL release on the server:
sudo dnf install epel-release -y
Step 2: Now install Certbot and the plugin for your web server.
For Apache:
sudo dnf install certbot python3-certbot-apache mod_ssl
For Nginx:
sudo dnf install certbot python3-certbot-nginx
To confirm that Certbot is installed, check the version with the following command:
certbot --version
You’ll see the output as below:
[root@cert ~]# certbot --version
certbot 1.22.0
Step 3: Once you have confirmed that Certbot is available on the server, you can install the Let’s Encrypt SSL certificate to secure your domain. Run the command below that matches your web server.
sudo certbot --nginx
or
sudo certbot --apache
In this example, we run the command for Nginx. You will see output like the following:
[root@cert ~]# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ENTER_YOUR_EMAIL_HERE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): ENTER_YOUR_DOMAIN_NAME(S)_HERE
Requesting a certificate for domain_name and www.domain_name
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain_name/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.domain_name/privkey.pem
This certificate expires on 2023-01-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for domain_name to /etc/nginx/nginx.conf
Successfully deployed certificate for www.domain_name to /etc/nginx/nginx.conf
Congratulations! You have successfully enabled HTTPS on https://domain_name and https://www.domain_name
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Step 4: Now you need to configure your firewall by adding rules that allow HTTP (port 80) and HTTPS (port 443) traffic:
For iptables:
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo service iptables save
For firewalld:
sudo firewall-cmd --permanent --add-port=80/tcp --zone=public
sudo firewall-cmd --permanent --add-port=443/tcp --zone=public
sudo firewall-cmd --reload
For csf:
Step A: Open the csf configuration file:
vi /etc/csf/csf.conf
Step B: Add ports 80 and 443 to the following lines:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,465,873,2087"
Step C: Run the command below to restart csf so that the changes take effect:
csf -r
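A quick way to confirm the csf edit from Steps A to C took effect as intended, shown as an added example that is not part of the original guide or of csf itself. The function names and the sample file are hypothetical; the check also catches a port list wrapped in typographic quotes (easy to pick up when pasting from a web page), which csf would not read as a quoted value.

```shell
#!/bin/sh
# Added example, not csf's own tooling: confirm that a csf.conf port list
# (TCP_IN or TCP_OUT) really contains a given port after editing.

# csf_port_allowed FILE KEY PORT
# returns 0 if PORT is listed under KEY (as a single port or a lo:hi range),
#         1 if it is not listed,
#         2 if KEY is missing, empty, or not inside straight double quotes.
csf_port_allowed() {
    conf=$1 key=$2 port=$3 found=1
    # Last uncommented KEY = "..." line wins; only ASCII double quotes match.
    list=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" \
           | tail -n 1 | tr -d ' ')
    [ -n "$list" ] || return 2
    old_ifs=$IFS
    IFS=,
    for entry in $list; do
        case $entry in
            *:*) # port range, e.g. 30000:35000
                lo=${entry%%:*} hi=${entry##*:}
                if [ "$port" -ge "$lo" ] 2>/dev/null && [ "$port" -le "$hi" ] 2>/dev/null
                then found=0; fi ;;
            *)  if [ "$entry" = "$port" ]; then found=0; fi ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# check_web_ports FILE: report on inbound 80 and 443; returns 0 only if both pass.
check_web_ports() {
    file=$1 rc=0
    for p in 80 443; do
        if csf_port_allowed "$file" TCP_IN "$p"; then
            echo "TCP_IN allows $p"
        else
            echo "TCP_IN does not allow $p, or is not a straight-quoted list" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config for a stand-alone run (not a real server's file).
sample=$(mktemp)
printf '%s\n' '# Allow incoming TCP ports' 'TCP_IN = "20,21,22,80,443,30000:35000"' > "$sample"
check_web_ports "$sample"
rm -f "$sample"
```

On a server, call check_web_ports /etc/csf/csf.conf after editing and before running csf -r.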
Conclusion
Congratulations! By following these steps, you have successfully installed an SSL certificate for your domain in AlmaLinux using Certbot. This is a significant achievement in securing your website and ensuring that your visitors’ data is transmitted securely. Remember, maintaining an SSL certificate is an ongoing process, and you should regularly check for any updates or renewals needed. If you encounter any issues or have further questions, feel free to revisit this guide or reach out for more help. Keep up the great work in maintaining a secure and trustworthy web presence!