
Install Certbot and apply Let’s Encrypt SSL for your domain in AlmaLinux


Introduction

Securing your website with SSL is a critical step in ensuring data integrity, user trust, and overall site security. On AlmaLinux, administrators can utilize Certbot to automate the issuance of a free SSL certificate via Let’s Encrypt. Certbot streamlines the entire process, from certificate generation to renewal, making it easier for both new and experienced server administrators.

This guide provides step-by-step instructions on how to install Certbot on AlmaLinux and apply a Let’s Encrypt SSL certificate to your domain. The process outlined will focus on two popular web servers: Apache and Nginx. Additionally, it includes essential steps to ensure your firewall is correctly configured to allow HTTPS traffic.

Whether managing a single website or multiple domains, securing your site with HTTPS is fundamental to modern web hosting and server administration.

 

Prerequisites

  • AlmaLinux 8 or later
  • Root or sudo user access
  • A registered domain name pointed to your server’s IP address
  • Nginx or Apache installed on the server
  • Open ports 80 (HTTP) and 443 (HTTPS) on your firewall (will also be configured in this guide)
  • dnf package manager available (default on AlmaLinux)
  • Access to terminal or SSH client
⚠️ Important Note: Ensure that your domain’s DNS records (A or AAAA records) are already pointing to your server IP before running Certbot. Otherwise, Let’s Encrypt will fail to verify the domain ownership.

 

Step-by-step Guide

Step 1: Install the latest EPEL release on the server

sudo dnf install epel-release -y

 

Step 2: Install Certbot on the server

For Apache:

sudo dnf install certbot python3-certbot-apache mod_ssl

For Nginx:

sudo dnf install certbot python3-certbot-nginx

Verify that Certbot was installed correctly:

certbot --version

Example output (the version number may differ):

[root@cert ~]# certbot --version
certbot 1.22.0

 

Step 3: Issue and install Let’s Encrypt SSL certificate

For Nginx:

sudo certbot --nginx

For Apache:

sudo certbot --apache

Follow the interactive prompts to:

  • Enter your email address
  • Agree to the Terms of Service
  • Enter your domain name(s)

Certbot will automatically deploy the SSL configuration.

🖊️ Tip: Certbot automatically sets up auto-renewal by creating a systemd timer. However, it is recommended to verify renewal by running sudo certbot renew --dry-run to ensure future renewals will work properly.

 

Step 4: Configure your firewall to allow HTTP and HTTPS traffic

For iptables:

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo service iptables save

For firewalld:

sudo firewall-cmd --permanent --add-port=80/tcp --zone=public
sudo firewall-cmd --permanent --add-port=443/tcp --zone=public
sudo firewall-cmd --reload

For CSF:

  • Edit the CSF configuration file:
    vi /etc/csf/csf.conf
  • Allow ports 80 and 443 by making sure they appear in both the TCP_IN and TCP_OUT lists:
    # Allow incoming TCP ports
    TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077"

    # Allow outgoing TCP ports
    TCP_OUT = "20,21,22,25,26,37,43,53,80,110,113,443,465,873,2087"
  • Restart CSF:
    csf -r
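
A check to run after editing csf.conf, added here as an example and not part of the original guide: it confirms that TCP_IN covers ports 80 and 443, including when they fall inside a start:end range, and reports a value that is not wrapped in plain double quotes. The function names csf_value, csf_allows and check_web_ports are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): check that a csf.conf port
# list permits the inbound ports this guide opens for Certbot and HTTPS.
# Function names are hypothetical helpers, not part of CSF.

# Print the value of KEY ($2) from FILE ($1). Returns 2 if KEY is absent,
# 3 if the value is not wrapped in plain ASCII double quotes
# (for example, typographic quotes pasted from a web page).
csf_value() {
    line=$(grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1)
    [ -n "$line" ] || return 2
    printf '%s\n' "$line" | grep -Eq '=[[:space:]]*"[^"]*"' || return 3
    printf '%s\n' "$line" | sed 's/^[^=]*=[[:space:]]*"\([^"]*\)".*$/\1/'
}

# Return 0 if PORT ($3) is covered by KEY's list in FILE, either as a single
# port or inside a start:end range; 1 if not covered; 2 or 3 as csf_value.
csf_allows() {
    value=$(csf_value "$1" "$2") || return $?
    printf '%s\n' "$value" | tr ',' '\n' | awk -v p="$3" '
        { gsub(/[ \t]/, "") }
        /^[0-9]+$/        { if ($0 + 0 == p + 0) found = 1 }
        /^[0-9]+:[0-9]+$/ { split($0, r, ":")
                            if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Report on inbound 80 and 443; returns non-zero if either is not allowed.
check_web_ports() {
    status=0
    for port in 80 443; do
        if csf_allows "$1" TCP_IN "$port"; then
            echo "TCP_IN allows $port"
        else
            echo "TCP_IN does NOT allow $port (code $?)"; status=1
        fi
    done
    return $status
}

# With a path argument (assumed: /etc/csf/csf.conf, as in the guide), check it.
if [ $# -gt 0 ]; then check_web_ports "$1"; fi
```

Save it as a script and pass the configuration path as the only argument; a non-zero exit means port 80 or 443 is missing from TCP_IN or the line could not be parsed.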

 

Conclusion

Congratulations! You have successfully installed Certbot and applied a Let’s Encrypt SSL certificate to secure your domain on AlmaLinux. This significantly improves your site’s security and builds trust with visitors. Remember to monitor the renewal process, which Certbot automates by default, and routinely check your server for updates or additional configurations. Keep up the great work in maintaining a secure and trustworthy web presence!

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.