Install Certbot and apply Let’s Encrypt SSL for your domain in AlmaLinux
Introduction
Securing your website with SSL is a critical step in ensuring data integrity, user trust, and overall site security. On AlmaLinux, administrators can utilize Certbot to automate the issuance of a free SSL certificate via Let’s Encrypt. Certbot streamlines the entire process, from certificate generation to renewal, making it easier for both new and experienced server administrators.
This guide provides step-by-step instructions on how to install Certbot on AlmaLinux and apply a Let’s Encrypt SSL certificate to your domain. The process outlined will focus on two popular web servers: Apache and Nginx. Additionally, it includes essential steps to ensure your firewall is correctly configured to allow HTTPS traffic.
Whether managing a single website or multiple domains, securing your site with HTTPS is fundamental to modern web hosting and server administration.
Prerequisites
- AlmaLinux 8 or later
- Root or sudo user access
- A registered domain name pointed to your server’s IP address
- Nginx or Apache installed on the server
- Open ports 80 (HTTP) and 443 (HTTPS) on your firewall (will also be configured in this guide)
- dnf package manager available (default on AlmaLinux)
- Access to terminal or SSH client
Step-by-step Guide
Step 1: Install the latest EPEL release on the server
sudo dnf install epel-release -y
Step 2: Install Certbot on the server
For Apache:
sudo dnf install certbot python3-certbot-apache mod_ssl
For Nginx:
sudo dnf install certbot python3-certbot-nginx
Verify that Certbot was installed correctly:
certbot --version
Expected output:
[root@cert ~]# certbot --version
certbot 1.22.0
Step 3: Issue and install Let’s Encrypt SSL certificate
For Nginx:
sudo certbot --nginx
For Apache:
sudo certbot --apache
Follow the interactive prompts to:
- Enter your email address
- Agree to the Terms of Service
- Enter your domain name(s)
Certbot will automatically deploy the SSL configuration.
Step 4: Configure your firewall to allow HTTP and HTTPS traffic
For iptables:
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo service iptables save
For firewalld:
sudo firewall-cmd --permanent --add-port=80/tcp --zone=public
sudo firewall-cmd --permanent --add-port=443/tcp --zone=public
sudo firewall-cmd --reload
For CSF:
- Edit the CSF configuration file:
vi /etc/csf/csf.conf
- Allow ports 80 and 443:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,465,873,2087"
- Restart CSF:
csf -r
Conclusion
Congratulations! You have successfully installed Certbot and applied a Let’s Encrypt SSL certificate to secure your domain on AlmaLinux. This significantly improves your site’s security and builds trust with visitors. Remember to monitor the renewal process, which Certbot automates by default, and routinely check your server for updates or additional configurations. Keep up the great work in maintaining a secure and trustworthy web presence!
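To monitor renewal as advised above, the following added example (not part of the original guide) checks every certificate under Certbot's default /etc/letsencrypt/live directory and flags any that would expire within a threshold. The function names and the 21-day threshold are assumptions; Certbot normally renews 90-day certificates about 30 days before expiry, so a certificate with fewer days left than the threshold indicates that renewal is failing.

```shell
#!/bin/sh
# Added example: detect certificates that automatic renewal has failed to replace.
# Function names and the 21-day default threshold are illustrative assumptions.

# cert_ok PEM [MIN_DAYS] -> 0 if valid for MIN_DAYS more days, 1 if not, 2 if unreadable
cert_ok() {
    _pem=$1
    _days=${2:-21}
    [ -r "$_pem" ] || return 2
    # -checkend exits 0 only if the certificate is still valid after N seconds
    openssl x509 -in "$_pem" -noout -checkend "$(( $_days * 86400 ))" >/dev/null 2>&1
}

# check_live_certs [LIVE_DIR] [MIN_DAYS] -> exit status = number of certificates at risk
check_live_certs() {
    live_dir=${1:-/etc/letsencrypt/live}   # Certbot's default lineage directory
    min_days=${2:-21}
    failed=0
    for pem in "$live_dir"/*/fullchain.pem; do
        [ -e "$pem" ] || continue          # glob matched nothing
        if ! cert_ok "$pem" "$min_days"; then
            echo "RENEWAL PROBLEM: $pem is unreadable or expires within $min_days days"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# make_sample_cert DIR NAME DAYS: constructed self-signed certificate for testing
make_sample_cert() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days "$3" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/fullchain.pem" 2>/dev/null
}

# Offline demo with constructed certificates: sh check_certs.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_sample_cert "$tmp" healthy.example 90
    make_sample_cert "$tmp" stale.example 5
    check_live_certs "$tmp" 21
    echo "certificates at risk: $?"
    rm -rf "$tmp"
fi
```

Run `check_live_certs` as root from a daily cron job or systemd timer and alert on a non-zero exit status.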