Apache - Certbot SSL Certificate
Introduction
The Certbot Package is not included in Rocky Linux’s base repository by default. In order to obtain it, we must install the EPEL (Extra Packages for Enterprise Linux) repository. This repository provides additional software packages through open-source efforts. In addition to certbot, we must also install “mod_ssl,” which is a security module for Apache to support SSL/TLS protocols.
Prerequisites
You can now install the Certbot package and its dependencies for Rocky Linux with the following commands
sudo dnf install epel-release -y
sudo dnf install mod_ssl -y
sudo dnf install certbot python3-certbot-apache -yInstall SSL Certificate for Apache httpd
Upon completion of the installation, you will be able to get a Let’s Encrypt SSL certificate. Certbot offers various methods for obtaining an SSL Certificate, you may use one of the following commands.
Simple method to complete all sites that are configured
sudo certbot --apacheAlternately, you can use the “-d” flag with this command directly to specify multiple domains
certbot --apache -d http://website.comWhen you run the above command, you will be prompted for a series of questions which you must answer in order to deploy the certificate successfully. In order to make things easier for beginners, I have separated each prompt into different boxes.
In order to verify the certificate, Let’s Encrypt it will ask you to enter your email address
Also you will need to accept the following terms and conditions
After your first certificate is issued, you will be asked to share your email address to receive updates on new/campaigns with the Electronic Frontier Foundation. The decision is yours to make “Y or N”
Depending on your web server configuration, it will list your domains and ask which one you want to activate HTTPS for. You can select ‘1’ or ‘2’. However, if you want all domains to begin using HTTPS, press ENTER
Certificate Automatic Renewal
Let’s Encrypt certificates are generally valid for 90 days, so you need to renew them manually after that time. The following command needs to be run to renew the certificate.
sudo certbot renew --dry-runHowever, we can automate the renewal process using cron jobs. In your crontab file, add the following entry:
0 0 1 * * /usr/bin/certbot renew >/dev/null 2>&1Delete Certificate
If you wish to delete the certificate, use the following command
sudo certbot deleteConclusion
We hope this article has helped you understand how to Secure Apache with SSL in Rocky Linux 9.1 step by step. You can also get help from Let’s Encrypt’s community site if you encounter any issues. Drop me your feedback/comments. Feel free to share this article with others if you like it.