THe AlmaLinux logo which is a ring of people with their hands meeting in the center. Each person is a different color, and it ends up looking like a rainbow flower shape

Alma Linux Apache Install for Certbot

Alright, so now that I have an Alma Linux VPS. Next, for no good reason, I want to be able to use this VPS remotely. It has Cockpit, so I enabled that, but then I tried to use HTTPS:// to connect, and it threws a TLS error. Enter Certbot, which should enable me to get SSL for my cockpit URL.

A crazy wall of horizontally and vertically stacked old books with a rustic blue wood door in the center. The words "Support MindFuel Blog on Patreon are shamelessly plastered over this fine image

However, drum roll, The Certbot instructions are here and it requires Apache to already be installed. Alrighty, then, I will install Apache, using these instructions

sudo dnf update  

That took a hot minute, but it did complete.

sudo dnf install httpd httpd-tools

That was a lot faster. Yay. Now we can start Apache and make sure it starts when the server gets rebooted. Haha. Like this is Windows or something. Why aren’t people laughing?

sudo systemctl start httpd
sudo systemctl enable httpd

Now just going to open ports 80 and 443:

sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Then a quick test to make sure it is working (http://your-ip or http://host-name)… my site is working:

That’s great, we also want the SSL Module, or else later when using Certbot you might see this error

To avoid that version of our future, lets install the module now and restart apache

sudo dnf install mod_ssl
sudo service httpd restart

Adding Virtual Hosts to Apache

In my use case, I want Certbot for Cockpit, but eventually I am sure I will use it for websites as well. I am trying to avoid using a wildcard domain, but we will see. In any event, I will want at least one SSL site in Apache to test Certbot, then we’ll figure out what Cockpit wants.

Based on this Stock Overflow post, I am going to add both the port 80 and port 443 entries for my top level TLD ( e.g. and for a FQDN with a subdomain (e.g. Here is a great post with a few extra details I might want to think about later (one of those is being able to enable/disable a virtual host using a symbolic link – pretty clever!)

cd /etc/httpd/conf.d
sudo nano yourDomainName.conf

Not going to explain using nano, and feel free to use emacs or vi or whatever – no judgment here, you can even use (gasp) a graphical user interface-based integrated development environment! Amazing. Paste all this juicy stuff into your conf file

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
#<IfModule mod_ssl.c>
#<VirtualHost *:443>
#    ServerName
#    DocumentRoot /var/www/html
#    ServerAlias
#    ErrorLog /var/www/error.log
#    CustomLog /var/www/requests.log combined
#Include /etc/letsencrypt/options-ssl-apache.conf
#LogLevel alert rewrite:trace3
#SSLCertificateFile /etc/letsencrypt/live/
#SSLCertificateKeyFile /etc/letsencrypt/live/

Note that the port 80 version has to be running in order to setup for the 443 version (SSL) later. Hence, the 443 conf is commented out. The Stack Overflow post specifically adds them later, after you have your certs from Certbot.

Then restart Apache and check it out

sudo service httpd restart

That should do it for now with Apache.

Leave a Comment

Your email address will not be published. Required fields are marked *