Alma Linux Certbot Install

in #almalast year

The magic moment is here. We have Apache, we have snapd, it is time for

Remove any old Certbot, and install new Certbot

sudo dnf remove certbot
sudo snap install --classic certbot

ERROR: I tried running the install right away, and go this error

FIX: Waiting a couple minutes and trying again resolved this issue, and I got Certbot 2.6.0.

More symbolic linking to glue Certbot into place

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Using Certbot

Alright, with certbot in place, there are a couple options (See the instructions page), but I just wanted to try the easiest version first

sudo certbot --apache

Certbot will prompt you for the virtual hosts (they must already be configured in Apache on port 80) and maybe your email address. Then it will set about obtaining the requested SSL certs

ERROR: If you get an error like:

FIX: Go back to the Apache installation post, and be sure your Virtual Host is configured.

Revisiting Apache

I am basing these instructions from this Stack Overflow post - as it states, we are not quite out of the woods. First, uncomment out the 443 lines previously commented out (or if you skipped them, now is the time to append them to the previous text in that file) from the /etc/httpd/conf.d/yourdomain.conf file

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
LogLevel alert rewrite:trace3
SSLCertificateFile /etc/letsencrypt/live/yourDomainName.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourDomainName.com/privkey.pem
</VirtualHost>
</IfModule>

Certbot already modified my .conf file for me, but you will need something like the below in your port 80 config, so the site automatically redirects to port 443:

#this goes in at the bottom 3 lines of the VirtualHost *:80 section
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

now it is time to restart Apache and see how we did, yeah?

sudo systemctl restart httpd

My domain automatically redirected and the browser reports the domain is secured

Sort:  

Thank you for your witness vote!
Have a !BEER on me!
To Opt-Out of my witness beer program just comment STOP below


Hey @t3kme, here is a little bit of BEER from @isnochys for you. Enjoy it!

Did you know that <a href='https://dcity.io/cityyou can use BEER at dCity game to buy cards to rule the world.

Thank you for your witness vote!
Have a !BEER on me!
To Opt-Out of my witness beer program just comment STOP below


Hey @t3kme, here is a little bit of BEER from @isnochys for you. Enjoy it!

Did you know that <a href='https://dcity.io/cityyou can use BEER at dCity game to buy cards to rule the world.

Thank you for your witness vote!
Have a !BEER on me!
To Opt-Out of my witness beer program just comment STOP below


Hey @t3kme, here is a little bit of BEER from @isnochys for you. Enjoy it!

Learn how to earn FREE BEER each day by staking your BEER.

Thank you for your witness vote!
Have a !BEER on me!
To Opt-Out of my witness beer program just comment STOP below


Hey @t3kme, here is a little bit of BEER from @isnochys for you. Enjoy it!

Did you know that <a href='https://dcity.io/cityyou can use BEER at dCity game to buy cards to rule the world.