Introduction

SSL (Secure Sockets Layer), or more accurately TLS (Transport Layer Security), ensures secure communication between clients and servers. On modern Linux distributions like AlmaLinux 8, enabling SSL is crucial for securing web applications and services. This guide explains how to install a Let's Encrypt SSL certificate using Certbot, and how to configure it on both Apache and Nginx servers.


Prerequisites

Before you begin, ensure you have the following:

  • AlmaLinux 8 system with root access

  • A registered domain name pointing to your server's IP address

  • Apache or Nginx installed

  • Firewall rules allowing ports 80 and 443


Step 1: Install EPEL and Certbot

Certbot is the official Let's Encrypt client. To use it, first enable the EPEL repository:

sudo dnf install epel-release -y

For Apache users:

sudo dnf install certbot python3-certbot-apache -y

For Nginx users:

sudo dnf install certbot python3-certbot-nginx -y

Step 2: Obtain SSL Certificate

Apache:

Run the following command to obtain and install the certificate:

sudo certbot --apache

Certbot will automatically:

  • Obtain a certificate from Let’s Encrypt

  • Edit your Apache config files

  • Reload Apache

Nginx:

If you're using Nginx:

sudo certbot --nginx

This command will do the same for Nginx: obtain the certificate, modify the configuration, and reload the service.


Step 3: Test SSL Configuration

After the setup:

  • Visit https://yourdomain.com in your browser.

  • Use SSL testing tools like SSL Labs to check the configuration.


Step 4: Set Up Automatic Renewal

Let's Encrypt certificates are valid for 90 days. To renew them automatically, add a cron job to root's crontab:

sudo crontab -e

Add the following line:

0 3 * * * /usr/bin/certbot renew --quiet

This will run daily at 3:00 AM and renew certificates if needed.


Optional: Manual SSL Configuration

If you need to configure SSL manually (e.g., custom virtual host):

Certificate paths:

  • Certificate file: /etc/letsencrypt/live/yourdomain.com/fullchain.pem

  • Private key: /etc/letsencrypt/live/yourdomain.com/privkey.pem

Apache example:

<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>

Nginx example:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
}

Redirect HTTP to HTTPS

Apache:

<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect / https://yourdomain.com/
</VirtualHost>

Nginx:

server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}

Step 5: Check Certificate Status

To verify which certificates are installed and their expiration:

sudo certbot certificates
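
To notice a renewal job that has stopped working before a certificate lapses, the expiry information printed by certbot certificates can be checked by a script. The following is an added example, not part of the original guide: the function names, the 30-day threshold and the sample output (including the subdomains) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that are expired or close to expiry,
# based on the text output of `certbot certificates`.

# check_expiry [MIN_DAYS]: reads `certbot certificates` output on stdin,
# prints one line per problem certificate and returns 1 if any was found.
check_expiry() {
    awk -v min="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /\(VALID: [0-9]+ days?\)/) {
                days = $0
                sub(/.*\(VALID: /, "", days)
                sub(/ days?\).*/, "", days)
                if (days + 0 < min + 0) { print "RENEW " name " " days; bad = 1 }
            } else {
                # Any other status (for example INVALID: EXPIRED) is reported as-is.
                status = $0; sub(/^[^(]*/, "", status)
                print "ALERT " name " " status; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `certbot certificates` output (not from a real host).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: yourdomain.com
    Domains: yourdomain.com www.yourdomain.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yourdomain.com/privkey.pem
  Certificate Name: stale.yourdomain.com
    Domains: stale.yourdomain.com
    Expiry Date: 2030-01-10 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.yourdomain.com
    Domains: old.yourdomain.com
    Expiry Date: 2020-01-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# On a real server: sudo certbot certificates 2>/dev/null | check_expiry 30
sample_output | check_expiry 30 || echo "Renewal needs attention"
```

A non-zero exit status from check_expiry makes it easy to hook into a monitoring check or a cron job that sends mail.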

Conclusion

Installing SSL on AlmaLinux 8 is a straightforward process thanks to Certbot and Let's Encrypt. Whether you're using Apache or Nginx, a few commands are all it takes to secure your site with HTTPS. Don’t forget to enable automatic renewal to keep your certificates up-to-date.