Alright, so now I have an Alma Linux VPS. Next, for no good reason, I want to be able to use this VPS remotely. It has Cockpit, so I enabled that, but then I tried to use https:// to connect, and it threw a TLS error. Enter Certbot, which should enable me to get SSL for my Cockpit URL.
However, drum roll, the Certbot instructions are here, and they require Apache to already be installed. Alrighty, then, I will install Apache, using these instructions:
sudo dnf update
That took a hot minute, but it did complete.
sudo dnf install httpd httpd-tools
That was a lot faster. Yay. Now we can start Apache and make sure it starts when the server gets rebooted. Haha. Like this is Windows or something. Why aren’t people laughing?
sudo systemctl start httpd
sudo systemctl enable httpd
Now just going to open ports 80 and 443:
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Then a quick test to make sure it is working (http://your-ip or http://host-name)… my site is working:
That’s great, we also want the SSL Module, or else later when using Certbot you might see this error
To avoid that version of our future, let's install the module now and restart Apache:
sudo dnf install mod_ssl
sudo service httpd restart
Adding Virtual Hosts to Apache
In my use case, I want Certbot for Cockpit, but eventually I am sure I will use it for websites as well. I am trying to avoid using a wildcard domain, but we will see. In any event, I will want at least one SSL site in Apache to test Certbot, then we’ll figure out what Cockpit wants.
Based on this Stack Overflow post, I am going to add both the port 80 and port 443 entries for my top-level domain (e.g. toplevel.com) and for a FQDN with a subdomain (e.g. myserver.toplevel.com). Here is a great post with a few extra details I might want to think about later (one of those is being able to enable/disable a virtual host using a symbolic link – pretty clever!)
cd /etc/httpd/conf.d
sudo nano yourDomainName.conf
Not going to explain using nano, and feel free to use emacs or vi or whatever – no judgment here, you can even use (gasp) a graphical user interface-based integrated development environment! Amazing. Paste all this juicy stuff into your conf file
<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
</VirtualHost>
#<IfModule mod_ssl.c>
#<VirtualHost *:443>
#    ServerName yourDomainName.com
#    DocumentRoot /var/www/html
#    ServerAlias www.yourDomainName.com
#    ErrorLog /var/www/error.log
#    CustomLog /var/www/requests.log combined
#    Include /etc/letsencrypt/options-ssl-apache.conf
#    LogLevel alert rewrite:trace3
#    SSLCertificateFile /etc/letsencrypt/live/yourDomainName.com/fullchain.pem
#    SSLCertificateKeyFile /etc/letsencrypt/live/yourDomainName.com/privkey.pem
#</VirtualHost>
#</IfModule>
Note that the port 80 version has to be running in order to set up the 443 version (SSL) later. Hence, the 443 conf is commented out. The Stack Overflow post specifically adds them later, after you have your certs from Certbot.
Then restart Apache and check it out
sudo service httpd restart
httpd -D DUMP_VHOSTS
That should do it for now with Apache.
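The ordering described above (port 80 first, 443 only once the certs exist) can be checked before each restart. This is an added example, not part of the original post: the function name check_vhost_conf and the sample file are constructed for illustration, and it assumes a vhost file laid out like the one above.

```shell
#!/bin/sh
# Added example: pre-restart check for a vhost file laid out like the one above.
# Prints one finding per line; no output means nothing was found to block httpd.
check_vhost_conf() {
    conf=$1; domain=$2
    # 1. An active (uncommented) <VirtualHost *:80> block must name the domain,
    #    because the plain-HTTP site has to be up before the TLS one is added.
    awk -v d="$domain" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "<virtualhost"   { p80 = ($2 ~ /:80>$/) }
        tolower($1) == "</virtualhost>" { p80 = 0 }
        p80 && tolower($1) == "servername" && $2 == d { found = 1 }
        END { if (!found) print "no active port-80 vhost for " d }
    ' "$conf"
    # 2. Active TLS directives must point at files that already exist;
    #    otherwise httpd refuses to start. Wildcard Includes are skipped.
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) ~ /^(sslcertificatefile|sslcertificatekeyfile|include)$/ {
            gsub(/"/, "", $2)
            if ($2 ~ /^\// && $2 !~ /[*?]/) print $1, $2
        }
    ' "$conf" | while read -r directive path; do
        [ -e "$path" ] || echo "$directive points at missing file $path"
    done
}

# Constructed sample: the layout above with the 443 block still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
</VirtualHost>
#<VirtualHost *:443>
#    ServerName yourDomainName.com
#    SSLCertificateFile /etc/letsencrypt/live/yourDomainName.com/fullchain.pem
#</VirtualHost>
EOF
check_vhost_conf "$sample" yourDomainName.com
# Uncommenting the 443 block before the certs exist produces a finding:
sed 's/^#//' "$sample" > "$sample.tls"
check_vhost_conf "$sample.tls" yourDomainName.com
rm -f "$sample" "$sample.tls"
```

Run it against the real file in /etc/httpd/conf.d before restarting httpd, and again after uncommenting the 443 block.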