Secure Apache with Let's Encrypt Certificate on Rocky Linux
Jul 12, 2025 am 09:24 AM
In our earlier guide, we provided a step-by-step walkthrough on installing the LAMP stack on Rocky Linux and later moved on to configuring Apache virtual hosts for hosting multiple websites from a single server.
However, securing your website is just as important as setting it up. With cyber threats on the rise, ensuring that your site is protected has become a top priority for both businesses and users. One of the most effective ways to secure your site is by encrypting it using an SSL/TLS certificate.
An SSL/TLS certificate is a digital certificate that authenticates your website’s identity and secures the data transmitted between a user’s browser and the web server through encryption.
Essentially, this changes your site's protocol from HTTP, which sends data in plain text, to HTTPS (HTTP Secure) which ensures all data is encrypted. Without such encryption, malicious actors can intercept sensitive information like login credentials simply by monitoring the traffic between the browser and the server.
Some time ago, Google started marking unencrypted sites with a “Not secure” warning in the browser address bar, alerting users to potential risks involved when visiting such websites.
As a site owner, you wouldn’t want your visitors exposed to unnecessary risks. This is why installing an SSL certificate on your web server is an essential part of website security.
In this tutorial, we’ll walk you through the process of securing an Apache web server on Rocky Linux 8 using a free Let's Encrypt SSL Certificate.
Requirements
Before proceeding, ensure that your domain is correctly pointed to your server’s public IP address. You'll need to log into your domain registrar or hosting provider and configure the DNS settings so that your domain resolves to the IP address of your Rocky Linux server.
For demonstration purposes, we are using the domain tecmint.info which is currently mapped to the public IP of our test server.
Step 1: Install EPEL Repository on Rocky Linux
Begin by installing some prerequisite packages that will be needed later. We will install the EPEL repository along with the mod_ssl package, which is Apache’s module for providing SSL/TLS support using OpenSSL.
<code>$ sudo dnf install epel-release mod_ssl</code>
Step 2: Install Certbot on Rocky Linux
Now, let’s proceed to install Certbot, a utility used to automatically obtain and configure Let's Encrypt SSL certificates. It greatly simplifies what would otherwise be a manual and complex setup process.
<code>$ sudo dnf install certbot python3-certbot-apache</code>
Once installed, Certbot is ready for use.
Step 3: Configure SSL Certificate for Apache on Rocky Linux
The next step involves fetching and installing the actual Let's Encrypt SSL certificate. To do this, run:
<code>$ sudo certbot --apache</code>
This command initiates a series of prompts. First, enter your email address. Then, review the Terms of Service via the provided link and press 'Y' to accept them, followed by ENTER.
You’ll then be asked whether you'd like to share your email address with the Electronic Frontier Foundation (EFF), which is a founding partner of Let's Encrypt.
Sharing your email will subscribe you to EFF newsletters and updates. If you're okay with that, press 'Y', otherwise select 'N' and hit ENTER.
Next, you’ll see a list of domains detected based on your Apache configuration. Choose the domain(s) you wish to secure. For simplicity, just press ENTER to apply HTTPS to all listed domains.
Certbot will complete the installation and store the certificate files under the /etc/letsencrypt/live/yourdomain/ directory.
If everything was successful, you should see output similar to the one shown below.
Step 4: Automatically Renew SSL Certificate in Rocky Linux
Let’s Encrypt certificates are valid for 90 days, but Certbot includes a built-in renewal script. You can test the renewal mechanism manually using:
<code>$ sudo certbot renew --dry-run</code>
To automate the renewal process, edit the crontab file:
<code>$ crontab -e</code>
Add the following line to schedule automatic renewals:
<code>0 * * * * /usr/sbin/certbot-auto renew</code>
Save and exit the file once done.
Step 5: Confirm Apache SSL Certificate Installation on Rocky Linux
To verify that your site is now secured, open a browser and reload your website. You should notice a padlock icon displayed before the URL.
Click the padlock and choose the ‘Certificate’ option to view detailed certificate information.
The certificate details will appear, confirming that your site is properly secured.
Additionally, you can assess your certificate strength by using the SSL Labs Test. Enter your domain name and click ENTER.
A result of A indicates a strong configuration.
Summary
By following this guide, you've successfully configured HTTPS for your Apache web server running on Rocky Linux using a free Let’s Encrypt SSL certificate with the help of the Certbot client.
The above is the detailed content of Secure Apache with Let's Encrypt Certificate on Rocky Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to create a new, empty file from the command line?
Jun 14, 2025 am 12:18 AM
There are three ways to create empty files in the command line: First, the simplest and safest use of the touch command, which is suitable for debugging scripts or placeholder files; Second, it is quickly created through > redirection but will clear existing content, which is suitable for initializing log files; Third, use echo"> file name to create a file with an empty string, or use echo-n""> file name to avoid line breaks. These three methods have their own applicable scenarios, and choosing the right method can help you complete the task more efficiently.
5 Best Open Source Mathematical Equation Editors for Linux
Jun 18, 2025 am 09:28 AM
Are you looking for good software to write mathematical equations? If so, this article provides the top 5 equation editors that you can easily install on your favorite Linux distribution.In addition to being compatible with different types of mathema
How to Install Eclipse IDE in Debian, Ubuntu, and Linux Mint
Jun 14, 2025 am 10:40 AM
Eclipse is a free integrated development environment (IDE) that programmers around the world use to write software, primarily in Java, but also in other major programming languages using Eclipse plugins.The latest release of Eclipse IDE 2023?06 does
SCP Linux Command – Securely Transfer Files in Linux
Jun 20, 2025 am 09:16 AM
Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not commonly installed.SSH may be the most popular protocol to enable Linux administrators to manage the servers
24 Hilarious Linux Commands That Will Make You Laugh
Jun 14, 2025 am 10:13 AM
Linux has a rich collection of commands, and while many of them are powerful and useful for various tasks, there are also some funny and whimsical commands that you can try out for amusement. 1. sl Command (Steam Locomotive) You might be aware of the
What is a PPA and how do I add one to Ubuntu?
Jun 18, 2025 am 12:21 AM
PPA is an important tool for Ubuntu users to expand their software sources. 1. When searching for PPA, you should visit Launchpad.net, confirm the official PPA in the project official website or document, and read the description and user comments to ensure its security and maintenance status; 2. Add PPA to use the terminal command sudoadd-apt-repositoryppa:/, and then run sudoaptupdate to update the package list; 3. Manage PPAs to view the added list through the grep command, use the --remove parameter to remove or manually delete the .list file to avoid problems caused by incompatibility or stopping updates; 4. Use PPA to weigh the necessity and prioritize the situations that the official does not provide or require a new version of the software.
Gogo - Create Shortcuts to Directory Paths in Linux
Jun 19, 2025 am 10:41 AM
Gogo is a remarkable tool to bookmark directories inside your Linux shell. It helps you create shortcuts for long and complex paths in Linux. This way, you no longer need to type or memorize lengthy paths on Linux.For example, if there's a directory
How to install Linux alongside Windows (dual boot)?
Jun 18, 2025 am 12:19 AM
The key to installing dual systems in Linux and Windows is partitioning and boot settings. 1. Preparation includes backing up data and compressing existing partitions to make space; 2. Use Ventoy or Rufus to make Linux boot USB disk, recommend Ubuntu; 3. Select "Coexist with other systems" or manually partition during installation (/at least 20GB, /home remaining space, swap optional); 4. Check the installation of third-party drivers to avoid hardware problems; 5. If you do not enter the Grub boot menu after installation, you can use boot-repair to repair the boot or adjust the BIOS startup sequence. As long as the steps are clear and the operation is done properly, the whole process is not complicated.
