Table of Contents#
- Prerequisites
- Update System Packages
- Install Apache Web Server
- Install Certbot
- Obtain a Let’s Encrypt Certificate
- Configure Apache to Use the SSL/TLS Certificate
- Verify the Installation
- Renewing the Certificate
- Conclusion
- References
Prerequisites#
Before we begin, make sure you have the following:
- A Rocky Linux server with root access.
- A registered domain name pointed to your server's IP address.
- Apache web server installed (we will cover the installation process if you don't have it already).
Update System Packages#
First, update the system packages to ensure you have the latest security patches and software versions. Open a terminal and run the following command:
sudo dnf update -y
Install Apache Web Server#
If you haven't already installed Apache, you can do so using the following command:
sudo dnf install httpd -y
Once the installation is complete, start the Apache service and enable it to start on boot:
sudo systemctl start httpd
sudo systemctl enable httpd
Install Certbot#
Certbot is the official Let’s Encrypt client. To install Certbot on Rocky Linux, run the following commands:
sudo dnf install epel-release -y
sudo dnf install certbot python3-certbot-apache -y
Obtain a Let’s Encrypt Certificate#
Now that we have Certbot installed, we can obtain a Let’s Encrypt certificate for our domain. Run the following command, replacing your_domain.com with your actual domain name:
sudo certbot --apache -d your_domain.com -d www.your_domain.com
Certbot will prompt you to enter your email address and agree to the terms of service. Once you've done that, it will automatically configure Apache to use the SSL/TLS certificate.
Configure Apache to Use the SSL/TLS Certificate#
After obtaining the certificate, Certbot will automatically configure Apache to use the SSL/TLS certificate. However, it's a good idea to double-check the configuration. Open the Apache configuration file for your domain:
sudo nano /etc/httpd/conf.d/your_domain.com.conf
Make sure the following lines are present:
# Plain HTTP: send every request to the HTTPS site
<VirtualHost *:80>
    ServerName your_domain.com
    ServerAlias www.your_domain.com
    Redirect permanent / https://your_domain.com/
</VirtualHost>
# HTTPS: serve the site with the Let's Encrypt certificate and key
<VirtualHost *:443>
    ServerName your_domain.com
    ServerAlias www.your_domain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
    # TLS protocol and cipher settings shipped by Certbot
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Save and close the file. Then, restart Apache to apply the changes:
sudo systemctl restart httpd
Verify the Installation#
To verify that the SSL/TLS certificate is installed correctly, open a web browser and navigate to https://your_domain.com. You should see a padlock icon in the address bar, indicating that the connection is secure.
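The directives listed in the configuration section can also be checked with a script instead of by eye. The following is an added example, not part of the original post: `check_vhost` is a name chosen here, and the two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# check_vhost FILE DOMAIN: print each problem found; exit status 0 only if none.
check_vhost() {
    awk -v dom="$2" '
        { low = tolower($0); d = tolower($1) }
        low ~ /^[ \t]*#/ { next }                      # comment line
        low ~ /^[ \t]*<virtualhost[ \t]/ {             # entering a block: keep its port
            port = $0; sub(/.*:/, "", port); sub(/>.*/, "", port); next
        }
        low ~ /^[ \t]*<\/virtualhost>/ { port = ""; next }
        port == "80"  && d == "redirect" && index($NF, "https://" dom) == 1 { redir = 1 }
        port == "443" && d == "sslengine" && tolower($2) == "on"            { engine = 1 }
        port == "443" && d == "sslcertificatefile"                          { cert = $2 }
        port == "443" && d == "sslcertificatekeyfile"                       { key = $2 }
        END {
            live = "/etc/letsencrypt/live/" dom "/"
            if (!redir)  { print "port 80: no Redirect to https://" dom; bad = 1 }
            if (!engine) { print "port 443: SSLEngine on is missing"; bad = 1 }
            if (cert != live "fullchain.pem") { print "port 443: SSLCertificateFile is not " live "fullchain.pem"; bad = 1 }
            if (key != live "privkey.pem")    { print "port 443: SSLCertificateKeyFile is not " live "privkey.pem"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the layout from this page, and a copy with two mistakes.
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
<VirtualHost *:80>
    ServerName your_domain.com
    Redirect permanent / https://your_domain.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName your_domain.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
</VirtualHost>
EOF
# Broken copy: redirect removed, key taken from a different directory under live/.
sed -e '/Redirect/d' -e 's|com/privkey|com-0001/privkey|' "$tmp/good.conf" > "$tmp/bad.conf"
check_vhost "$tmp/good.conf" your_domain.com && echo "good.conf: OK"
check_vhost "$tmp/bad.conf"  your_domain.com || echo "bad.conf: fix the lines above"
```

On the server, point it at the real file: `check_vhost /etc/httpd/conf.d/your_domain.com.conf your_domain.com`.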
Renewing the Certificate#
Let’s Encrypt certificates are valid for 90 days. To renew the certificate before it expires, first test the renewal process with a dry run:
sudo certbot renew --dry-run
If the dry run is successful, you can run the actual renewal command:
sudo certbot renew
Certbot will automatically renew the certificate and configure Apache to use the new certificate.
Conclusion#
In this blog post, we have walked you through the process of securing an Apache web server on Rocky Linux with a Let’s Encrypt certificate. By following these steps, you can ensure that your web applications are secure and protected from eavesdropping and man-in-the-middle attacks.