
How To install Apache with Let's Encrypt on Rocky Linux 9

Michail, Moderator
edited December 11 in Linux Applications

Introduction

Apache HTTP Server, commonly referred to as Apache, is one of the most widely used web servers in the world. The main advantages of Apache are considered to be reliability and configuration flexibility.

In this tutorial, we will install Apache together with Let's Encrypt on Rocky Linux 9.

Installation Guide

1. Update the system

Ensure your system is up to date:

dnf update -y

2. Install Apache

Run the following command to install Apache:

dnf install httpd -y

Run this command to automatically start Apache after every boot:

systemctl enable httpd

To start Apache run this command:

systemctl start httpd

Verify that Apache started successfully (the status should be "active"):

systemctl status httpd

3. Allow HTTP and HTTPS

Next, allow HTTP (port 80) and HTTPS (port 443) through the firewall. You can do this with iptables or firewalld.

IPtables:

If you use IPtables, run these commands:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Save changes:

iptables-save | sudo tee /etc/sysconfig/iptables

Restart iptables to apply the changes:

systemctl restart iptables

Firewalld:

If you are using firewalld, run these commands to allow HTTP and HTTPS:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

4. Create Apache Virtual Host

Create a new Virtual Host configuration file for your domain. Replace yourdomain.ltd with your actual domain:

vi /etc/httpd/conf.d/yourdomain.ltd.conf

Paste this content into the file and replace yourdomain.ltd with your actual domain:

<VirtualHost *:80>
    ServerName yourdomain.ltd
    ServerAlias www.yourdomain.ltd
    DocumentRoot /var/www/html/yourdomain

    <Directory /var/www/html/yourdomain>
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog /var/log/httpd/yourdomain.ltd-error.log
    CustomLog /var/log/httpd/yourdomain.ltd-access.log combined
</VirtualHost>

Save the file and exit (press "Esc", then type :wq and press "Enter").

5. Create the document root directory

Create the document root directory if it does not already exist (replace yourdomain with your actual domain):

mkdir -p /var/www/html/yourdomain

6. Set permissions

Now you need to set the permissions for the document root directory. Run these commands (replace yourdomain with your actual domain):

chown -R apache:apache /var/www/html/yourdomain
chmod -R 755 /var/www/html/yourdomain

7. Create Test page

To check if everything works correctly, create a test HTML page:

vi /var/www/html/yourdomain/index.html

Paste this content:

  <html>
   Page for testing purposes
  </html>

Then restart Apache to apply the changes:

systemctl restart httpd

At this point, your test page should be accessible via HTTP. For a secure connection via HTTPS, we need to install a Let's Encrypt certificate, so follow the instructions below.

8. Install Let's Encrypt certificate

First of all, install the EPEL repository:

dnf install epel-release -y

Then install Certbot:

dnf install certbot python3-certbot-apache -y

Finally, run Certbot to install an SSL certificate for your domain:

certbot --apache

You may receive the following error message:

You can ignore it and continue.

You will need to select the domain you want to secure and enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and agree or disagree to share your email address with the Electronic Frontier Foundation (optional).

After that, make sure to restart Apache:

systemctl restart httpd

Now you can open your browser, go to the test page and see it with a valid SSL certificate (via HTTPS). Click on the padlock icon in the address bar to see information about the certificate.

9. Manual and automatic SSL renewal

Let's Encrypt certificates are valid for 90 days and can be renewed manually or automatically.

To renew manually, run this command:

certbot renew

If the certificate is less than 30 days away from expiration, this command will renew it.

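To set up automatic renewal, you can create a cron job that runs the above command twice a day:

crontab -e

Add this line to the crontab (a crontab opened with crontab -e belongs to the current user, so it has no user field and the command follows the schedule directly):

0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1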

You're all set. When necessary, certbot will renew your certificates and reload Apache to pick up the changes.
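The cron line in step 9 sends all of certbot's output to /dev/null, so a failing renewal goes unnoticed until the certificate expires. The check below is an added example, not part of the original tutorial: it flags a certificate that the renewal job should already have replaced. The function names and the 25-day ALERT_DAYS threshold are assumptions; check_cert needs the openssl CLI, and the date parsing assumes GNU date.

```bash
#!/bin/sh
# Added example, not from the tutorial: flag a certificate that the renewal
# job should already have replaced. Assumes GNU date (as on Rocky Linux).

ALERT_DAYS=25   # assumption: 5 days of slack below certbot's 30-day window

# Seconds from now_epoch ($2) until an openssl-style notAfter timestamp ($1).
seconds_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( end_epoch - $2 ))
}

# Classify a certificate: ok, overdue (renewal is not happening), expired.
renewal_state() {
    left=$(seconds_left "$1" "$2") || return 2
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -lt $(( ALERT_DAYS * 86400 )) ]; then
        echo overdue
    else
        echo ok
    fi
}

# Check a PEM file such as certbot's /etc/letsencrypt/live/<domain>/cert.pem.
# Exit status: 0 ok, 1 overdue or expired, 2 could not read the certificate.
check_cert() {
    not_after=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$not_after" ] || { echo "unreadable: $1" >&2; return 2; }
    state=$(renewal_state "$not_after" "$(date +%s)") || return 2
    echo "$state (notAfter=$not_after)"
    [ "$state" = ok ]
}

# Demo on constructed timestamps, evaluated as if today were 1 Jan 2025 UTC.
demo() {
    now=$(date -u -d "Jan  1 00:00:00 2025 GMT" +%s)
    for ts in "Mar 10 12:00:00 2025 GMT" \
              "Jan 21 00:00:00 2025 GMT" \
              "Dec 31 23:59:59 2024 GMT"; do
        echo "$ts -> $(renewal_state "$ts" "$now")"
    done
}

demo
```

Run check_cert from a separate daily job that does report its result (mail or monitoring), so that a non-zero exit status reaches someone.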
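The chmod -R 755 in step 6 also sets the execute bit on every regular file under the document root, which static content does not need. The script below is an added example, not part of the original tutorial: it lists such files and resets a tree to 755 for directories and 644 for files. The function names are hypothetical, and the demo runs on a constructed directory created with mktemp rather than on /var/www.

```bash
#!/bin/sh
# Added example, not from the tutorial: audit and tighten a static document
# root. The demo runs on a constructed tree under mktemp, not on /var/www.

# List regular files that carry an execute bit or are group/world-writable.
audit_docroot() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -print
}

# Number of findings, suitable for a monitoring check.
count_findings() {
    audit_docroot "$1" | wc -l | tr -d ' '
}

# Directories need the execute bit to be traversed; static files do not.
tighten_docroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree standing in for /var/www/html/yourdomain.
make_sample_docroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/css"
    printf '<html>Page for testing purposes</html>\n' > "$root/index.html"
    printf 'body { margin: 0 }\n' > "$root/css/site.css"
    chmod -R 755 "$root"    # same mode as step 6
    printf '%s\n' "$root"
}

demo() {
    demo_root=$(make_sample_docroot) || return 1
    echo "after chmod -R 755: $(count_findings "$demo_root") file(s) flagged"
    tighten_docroot "$demo_root"
    echo "after tightening:   $(count_findings "$demo_root") file(s) flagged"
    rm -rf "$demo_root"
}

demo
```

If Apache only has to read the site, the files can also be owned by root instead of apache, so that the web server process cannot modify the content it serves.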
