frame
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In RegisterHowdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Categories
- 1.3K All Categories
- 7.2K General
- 6.2K General Discussions
- 406 Feature Request/Bug Report
- 541 Sales Questions and Answers
- 53 Time4VPS Life
- 237 Help requests
- 239 Server management
- 327 Tutorials
- 54 Various Tutorials
- 43 Web hosting control panels
- 130 Performance and Security
- 27 Web Applications
- 51 Linux Applications
- 22 Windows VPS
How To install Apache with Let's Encrypt on Rocky Linux 9
Michail
Moderator
Introduction
Apache HTTP Server, commonly referred to as Apache, is one of the most widely used web servers in the world. The main advantages of Apache are considered to be reliability and configuration flexibility.
In this tutorial, we will install Apache together with Let's Encrypt on Rocky Linux 9.
Installation Guide
1. Update the system
Ensure your system is up to date:
dnf update -y
2. Install Apache
Run the following command to install Apache:
dnf install httpd -y
Run this command to automatically start Apache after every boot:
systemctl enable httpd
To start Apache run this command:
systemctl start httpd
Verify if Apache enabled successfully (status should be "active"):
systemctl status httpd
3. Allow HTTP and HTTPS
Next we need to allow HTTP and HTTPS. You can do this in IPtables or firewalld.
IPtables:
If you use IPtables, run these commands:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Save changes:
iptables-save | sudo tee /etc/sysconfig/iptables
Restart itptables to apply the changes:
systemctl restart iptables
Firewalld:
If you using firewalld, run these commands to allow HTTP and HTTPS:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
4. Create Apache Virtual Host
Create a new Virtual Host configuration file for your domain. Replace **yourdomain.ltd **with your actual domain:
vi /etc/httpd/conf.d/yourdomain.com.ltd.conf
Paste this content into the file and replace yourdomain.ltd with your actual domain:
<VirtualHost *:80> ServerName yourdomain.ltd ServerAlias www.yourdomain.ltd DocumentRoot /var/www/html/yourdomain <Directory /var/www/html/yourdomain> AllowOverride All Require all granted </Directory> ErrorLog /var/log/httpd/yourdomain.ltd-error.log CustomLog /var/log/httpd/yourdomain.ltd-access.log combined </VirtualHost>
Save the file and exit (press "Esc", then type :wq and click "Enter").
5. Create the document root directory
Create the document root directory if it does not already exist (replace yourdomain with your actual domain):
mkdir -p /var/www/html/yourdomain
6. Set permissions
Now you need to set the permissions for the document root directory. Run these commands (replace yourdomain with your actual domain):
chown -R apache:apache /var/www/html/yourdomain
chmod -R 755 /var/www/html/yourdomain
7. Create Test page
To check if everything works correctly, create a test HTML page:
vi /var/www/html/yourdomain/index.html
Paste this content:
<html> Page for testing purposes </html>
Then restart Apache to apply the changes:
systemctl restart httpd
At this point, your test page should be accessible via HTTP. For a secure connection via HTTPS, we need to install a Let's Encrypt certificate, so follow the instructions below.
8. Install Let's Encrypt certificate
First of all, install the EPEL repository:
dnf install epel-release -y
Then install Certbot:
dnf install certbot python3-certbot-apache -y
Finally, run Certbot to install SSL certificate for your domain:
certbot --apache
You may receive the following error message:
You can ignore it and continue.
You will need to select the domain you want to secure and enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and agree or disagree to share your email address with Electronic Frontier Foundation (optional).
After that, make sure to restart Apache:
systemctl restart httpd
Now you can open your browser, go to the test page and see it with a valid SSL certificate (via HTTPS). Click on the padlock icon in the address bar to see information about the certificate.
9. Manual and automatic SSL renewal
Let's Encrypt certificates are valid for 90 days and can be renewed manually or automatically.
To renew manually, run this command:
certbot renew
If the certificate is less than 30 days away from expiration, this command will renew it.
If you want to specify auto-renewal, you can create cronjob to run the above command twice a day automatically:
crontab -e
Add this line to the crontab:
* */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1
You're all set. When necessary, certbot will renew your certificates and reload Apache to pick up the changes.
foot
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2024 Time4VPS. All rights reserved.