{"id":9849,"date":"2021-09-07T17:30:15","date_gmt":"2021-09-07T17:30:15","guid":{"rendered":"https:\/\/linuxways.net\/?p=9849"},"modified":"2021-09-07T17:30:15","modified_gmt":"2021-09-07T17:30:15","slug":"how-to-encrypt-apache-webserver-with-lets-encrypt-ssl-certificate-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/red-hat\/how-to-encrypt-apache-webserver-with-lets-encrypt-ssl-certificate-on-rocky-linux-8\/","title":{"rendered":"How to Encrypt Apache Webserver with Let’s Encrypt SSL Certificate on Rocky Linux 8"},"content":{"rendered":"

In a world of constantly evolving cyber threats, securing your webserver should be top-of-the-mind concern. One of the easiest ways of boosting your web server\u2019s security is by securing it with an SSL certificate. The encrypts the traffic exchanged between the web server and users\u2019 browser and prevents hackers from eavesdropping and intercepting confidential information such as usernames and passwords.<\/p>\n

Let\u2019s Encrypt<\/a> is a free and automated certificate authority that helps you to set up a secure HTTPS server using a free SSL certificate with a shelf life of approximately 90 days. In this guide, we will walk you through the process of securing your webserver using Let\u2019s Encrypt SSL certificate.<\/p>\n

Requirements<\/strong><\/h2>\n

As we get started, we assume that you already have the Apache webserver stack installed on your Rocky Linux 8. If not, check out this guide on how to install LAMP server on Rocky Linux 8<\/a>. The first step is a walkthrough of how to install Apache HTTP webserver.<\/p>\n

Additionally, ensure that you have a valid domain name pointing to your server\u2019s Public IP address. For this guide, we will be using the domain name called linuxtechgeek.info.<\/strong><\/p>\n

Step 1: Install EPEL repository<\/strong><\/h2>\n

Right off the bat, we will start with the installation of EPEL ( Extra Packages for Enterprise Linux ). This is a repository from Fedora that provides additional packages for RHEL-based systems.<\/p>\n

So, run the command show.<\/p>\n

$ sudo dnf install epel-release<\/strong><\/pre>\n
<\/strong><\/p>\n
Step 2: Install Certbot<\/strong><\/h2>\n
Once EPEL is installed, go ahead and install certbot<\/strong> , the apache module for certbot and mod_ssl<\/strong> which is a module that provides cryptographic features for Apache.<\/p>\n
$ sudo dnf install certbot python3-certbot-apache mod_ssl<\/strong><\/pre>\n
<\/strong><\/p>\n
After the installation of the packages, restart the Apache HTTP web server.<\/p>\n
$ sudo systemctl restart httpd <\/strong><\/pre>\n
In addition, ensure that the webserver is running:<\/p>\n
$ sudo systemctl status httpd <\/strong><\/pre>\n
Step 3 : Create virtualhost file<\/strong><\/h2>\n
The next step it configure an Apache virtual host file. This is a configuration that will serve our domain\u2019s web content and will be used by certbot to facilitate the installation of Let\u2019s Encrypt.<\/p>\n
So, create a folder for your website. In this case, I will create a directory for linuxtechgeek.info <\/strong>which is my domain name pointed to the IP of my webserver.<\/p>\n
$ sudo mkdir -p \/var\/www\/linuxtechgeek.info<\/strong><\/pre>\n
Assign the directory ownership to Apache user.<\/p>\n
$ sudo chown -R apache:apache \/var\/www\/linuxtechgeek.info<\/strong><\/pre>\n
Next, create a virtual host file in the \/etc\/httpd\/conf.d <\/strong>directory.<\/p>\n
$ sudo vim \/etc\/httpd\/conf.d\/linuxtechgeek.info.conf<\/strong><\/pre>\n
Paste the configuration shown and be sure to replace linuxtechgeek.info <\/strong>with your own domain name<\/p>\n
<virtualhost *:80><\/strong>\r\n\r\nServerName linuxtechgeek.info<\/strong>\r\n\r\nServerAlias www.linuxtechgeek.info<\/strong>\r\n\r\nDocumentRoot \/var\/www\/linuxtechgeek.info<\/strong>\r\n\r\nErrorLog \/var\/log\/httpd\/linuxtechgeek.info-error.log<\/strong>\r\n\r\nCustomLog \/var\/log\/httpd\/linuxtechgeek.info-access.log combined<\/strong>\r\n\r\n<\/virtualhost><\/strong><\/pre>\n
Save and exit the configuration file. Then restart Apache webserver.<\/p>\n
$ sudo systemctl restart httpd<\/strong><\/pre>\n
Let\u2019s now obtain the SSL certificate.<\/p>\n
Step 4 : Obtain the SSL certificate<\/strong><\/h2>\n
Finally, to install Let\u2019s Encrypt using Certbot, run the following command:<\/p>\n
$ sudo certbot --apache<\/strong><\/pre>\n
This walks you through a series of steps to configure the SSL certificate, provide your email address, read and agree the terms of service and choose which names you would want to activate HTTPS on.<\/p>\n
Certbot will detect your virtual host configuration and request the Let\u2019s Encrypt SSL certificate for all of them.<\/p>\n
<\/p>\n
Once certbot is done applying the SSL certificate on your webserver, proceed and test the SSL settings by performing an SSL server test at SSL Labs<\/a>. This is an online platform that performs a deep analysis your site\u2019s web server.<\/p>\n
Step 5: Configure certificate auto-renewal<\/strong><\/h2>\n
As mentioned earlier, Let\u2019s Encrypt certificate is only valid for 90 days, after which you will be required to renew it. You can renew the certificate manually a day before the expiration using the command:<\/p>\n
$ certbot renew <\/strong><\/pre>\n
A better approach would be to set up a cron job what will automate the certificate\u2019s renewal process. So, open the crontab file.<\/p>\n
$ crontab -e<\/strong><\/pre>\n
Add this line at the very end of the file and save the changes.<\/p>\n
0 0 * * * \/usr\/bin\/certbot renew > \/dev\/null 2>&1<\/strong><\/pre>\n
And it\u2019s a wrap. Hopefully you are now at ease securing your Apache webserver with Let\u2019s Encrypt SSL certificate.<\/p>","protected":false},"excerpt":{"rendered":"
In a world of constantly evolving cyber threats, securing your webserver should be top-of-the-mind concern. One of the easiest ways of boosting your web server\u2019s security is by…<\/p>","protected":false},"author":1,"featured_media":9890,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[165],"tags":[178,436,432],"class_list":["post-9849","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-red-hat","tag-apache","tag-rocky-linux-8","tag-ssl-certificate"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/9849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=9849"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/9849\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/9890"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=9849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=9849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=9849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}