THe AlmaLinux logo which is a ring of people with their hands meeting in the center. Each person is a different color, and it ends up looking like a rainbow flower shape

Alma Linux Certbot Install

The magic moment is here. We have Apache, we have snapd, it is time for

Picture of dead sea scroll cave with "Support Mindfuel Blog on Patreon" shamelessly promoted on top

Remove any old Certbot, and install new Certbot

sudo dnf remove certbot
sudo snap install --classic certbot

ERROR: I tried running the install right away, and go this error

FIX: Waiting a couple minutes and trying again resolved this issue, and I got Certbot 2.6.0.

More symbolic linking to glue Certbot into place

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Using Certbot

Alright, with certbot in place, there are a couple options (See the instructions page), but I just wanted to try the easiest version first

sudo certbot --apache

Certbot will prompt you for the virtual hosts (they must already be configured in Apache on port 80) and maybe your email address. Then it will set about obtaining the requested SSL certs

ERROR: If you get an error like:

FIX: Go back to the Apache installation post, and be sure your Virtual Host is configured.

Revisiting Apache

I am basing these instructions from this Stack Overflow post – as it states, we are not quite out of the woods. First, uncomment out the 443 lines previously commented out (or if you skipped them, now is the time to append them to the previous text in that file) from the /etc/httpd/conf.d/yourdomain.conf file

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/html
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
LogLevel alert rewrite:trace3
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

Certbot already modified my .conf file for me, but you will need something like the below in your port 80 config, so the site automatically redirects to port 443:

#this goes in at the bottom 3 lines of the VirtualHost *:80 section
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

now it is time to restart Apache and see how we did, yeah?

sudo systemctl restart httpd

My domain automatically redirected and the browser reports the domain is secured

Leave a Comment

Your email address will not be published. Required fields are marked *