Alma Linux Apache Install for Certbot

in #alma, last year

Alright, so now I have an Alma Linux VPS. Next, for no good reason, I want to be able to use this VPS remotely. It has Cockpit, so I enabled that, but then I tried to use HTTPS:// to connect, and it threw a TLS error. Enter Certbot, which should enable me to get SSL for my Cockpit URL.

However, drum roll, the Certbot instructions are here, and they require Apache to already be installed. Alrighty, then, I will install Apache, using these instructions:

sudo dnf update  

That took a hot minute, but it did complete.

sudo dnf install httpd httpd-tools

That was a lot faster. Yay. Now we can start Apache and make sure it starts when the server gets rebooted. Haha. Like this is Windows or something. Why aren't people laughing?

sudo systemctl start httpd
sudo systemctl enable httpd

Now just going to open ports 80 and 443:

sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Then a quick test to make sure it is working (http://your-ip or http://host-name)... my site is working:

That's great. We also want the SSL module, or else later, when using Certbot, you might see this error

To avoid that version of our future, let's install the module now and restart Apache:

sudo dnf install mod_ssl
sudo systemctl restart httpd

Adding Virtual Hosts to Apache

In my use case, I want Certbot for Cockpit, but eventually I am sure I will use it for websites as well. I am trying to avoid using a wildcard domain, but we will see. In any event, I will want at least one SSL site in Apache to test Certbot, then we'll figure out what Cockpit wants.

Based on this Stack Overflow post, I am going to add both the port 80 and port 443 entries for my apex domain (e.g. toplevel.com) and for an FQDN with a subdomain (e.g. myserver.toplevel.com). Here is a great post with a few extra details I might want to think about later (one of those is being able to enable/disable a virtual host using a symbolic link - pretty clever!)

cd /etc/httpd/conf.d
sudo nano yourDomainName.conf

Not going to explain using nano, and feel free to use emacs or vi or whatever - no judgment here, you can even use (gasp) a graphical user interface-based integrated development environment! Amazing. Paste all this juicy stuff into your conf file:

<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
</VirtualHost>
#<IfModule mod_ssl.c>
#<VirtualHost *:443>
#    ServerName yourDomainName.com
#    DocumentRoot /var/www/html
#    ServerAlias www.yourDomainName.com
#    ErrorLog /var/www/error.log
#    CustomLog /var/www/requests.log combined
#Include /etc/letsencrypt/options-ssl-apache.conf
#LogLevel alert rewrite:trace3
#SSLCertificateFile /etc/letsencrypt/live/yourDomainName.com/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/yourDomainName.com/privkey.pem
#</VirtualHost>
#</IfModule>

Note that the port 80 version has to be running in order to set up the 443 version (SSL) later. Hence, the 443 conf is commented out. The Stack Overflow post specifically adds them later, after you have your certs from Certbot.

Then restart Apache and check it out:

sudo systemctl restart httpd
httpd -D DUMP_VHOSTS
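
The 443 block stays commented out because httpd refuses to start while an active SSLCertificateFile, SSLCertificateKeyFile or Include points at a file that does not exist yet. The script below is an added example, not part of the original post, that checks a conf file for exactly that before a restart. The function names, the sample conf and its /nonexistent/... certificate path are constructed for illustration.

```shell
# Added example: pre-Certbot sanity check for a vhost conf file.
# Assumption: one directive per line, as in the conf file above.

# Print the ServerName of every active (uncommented) vhost on PORT.
active_vhost_names() {  # usage: active_vhost_names FILE PORT
    awk -v port="$2" '
        /^[[:space:]]*#/               { next }   # skip commented lines
        /^[[:space:]]*<VirtualHost/    { in_vh = ($0 ~ (":" port ">")) }
        /^[[:space:]]*<\/VirtualHost>/ { in_vh = 0 }
        in_vh && tolower($1) == "servername" { print $2 }
    ' "$1"
}

# Print every active certificate, key or Include path that is missing on
# disk; any one of these stops httpd from starting.
missing_tls_files() {  # usage: missing_tls_files FILE
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) ~ /^(sslcertificatefile|sslcertificatekeyfile|include)$/ { print $2 }
    ' "$1" | while read -r path; do
        [ -e "$path" ] || printf '%s\n' "$path"
    done
}

# Succeed only if DOMAIN has an active port-80 vhost and nothing is missing.
ready_for_certbot() {  # usage: ready_for_certbot FILE DOMAIN
    active_vhost_names "$1" 80 | grep -qxF "$2" || return 1
    [ -z "$(missing_tls_files "$1")" ]
}

# Constructed sample conf; pass '#' to keep the 443 block commented out.
sample_conf() {
    cat <<EOF
<VirtualHost *:80>
    ServerName yourDomainName.com
</VirtualHost>
$1<VirtualHost *:443>
$1    ServerName yourDomainName.com
$1    SSLCertificateFile /nonexistent/letsencrypt/live/yourDomainName.com/fullchain.pem
$1</VirtualHost>
EOF
}

tmp=$(mktemp)
sample_conf '#' > "$tmp"
ready_for_certbot "$tmp" yourDomainName.com && echo "443 commented out: OK to restart and run Certbot"
sample_conf '' > "$tmp"
ready_for_certbot "$tmp" yourDomainName.com || echo "443 active too early, missing: $(missing_tls_files "$tmp")"
rm -f "$tmp"
```

On a real server, point the functions at the file in /etc/httpd/conf.d instead of the sample.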

That should do it for now with Apache.