Secure Apache with Let’s Encrypt Certificate on Rocky Linux - DesignLinux

Aug 06 2021
designlinux

In our previous guide, we walked you through the installation of the LAMP stack on Rocky Linux and further proceeded to configure Apache virtual hosts in case you need to host multiple websites on a single server.

But it doesn’t just end there. Website security is now one of the greatest concerns across most organizations and users alike in the face of growing cyber threats. There are several ways of securing your website. One of the primary ways of implementing some basic protection against hackers is to encrypt your site using an SSL/TLS certificate.

An SSL/TLS certificate is a cryptographic certificate that authenticates the identity of your website and encrypts data exchanged between a user’s browser and a webserver.

In effect, your site switches from using the HTTP protocol which sends data in plain text to HTTPS (HTTP Secure) which encrypts the data. Without encryption, hackers can easily get a hold of confidential information such as usernames and passwords by eavesdropping on the data exchanged between the web server and the browser.

A while back, Google made a point of alerting users visiting unencrypted sites by placing a ‘Not secure’ label on the URL bar. This is to warn users of the risk involved while browsing the site.

If you are a website owner, you certainly wouldn’t want to put your clients and website visitors at risk of having their personal information exposed to hackers. It’s for this reason that installing an SSL certificate on your webserver is a fundamental step towards securing your site.

In this guide, we will show you how to secure an Apache web server on Rocky Linux 8 using a Let’s Encrypt SSL Certificate.

Prerequisites

For this to work, you need to have your domain pointed to your website’s Public IP address. Therefore, you need to head over to your web host and ensure the domain name is pointing to the IP of your webserver.

Here, we have the domain tecmint.info pointed to the public IP address of our virtual server.

Domain Point to IP Address

Step 1: Install EPEL Repo in Rocky Linux

We start off by installing prerequisite packages which will prove beneficial along the way. We will install the EPEL repository and the mod_ssl package which is a security module for Apache HTTP server that provides strong cryptography by leveraging SSL/TLS protocols using OpenSSL.

$ sudo dnf install epel-release mod_ssl
Install EPEL Repo in Rocky Linux

Step 2: Install Certbot in Rocky Linux

Let’s now install Certbot, a client that fetches the SSL certificate from the Let’s Encrypt authority and automates its installation and configuration. This eliminates the pain and hassle of accomplishing the entire process manually.

$ sudo dnf install certbot python3-certbot-apache 

Certbot is now fully installed and well-configured.

Step 3: Installing an SSL Certificate for Apache in Rocky Linux

The last step is to retrieve and install the Let’s Encrypt SSL Certificate. To achieve this, run the command:

$ sudo certbot --apache

This sets off a series of prompts. First, you will be required to provide your email address. Next, skim through the Terms of Service in the URL provided and press 'Y' to agree with the Terms, and hit ENTER.

Next, you will be asked if you are willing to share your email address with EFF (Electronic Frontier Foundation) which is the founding partner of Let’s Encrypt.

By sharing your email address, you will subscribe to news, campaigns, and other updates about the organization. If you are comfortable providing your email address, press 'Y', otherwise, press 'N' and hit ENTER.

The next prompt will provide a list of domains based on your web server configuration and ask you which one you prefer to enable HTTPS on. You can choose either '1' or '2'. But for uniformity, simply press ENTER to enable HTTPS on all the domains.

Certbot will finalize the installation and configuration of Let’s Encrypt and save the security keys in the /etc/letsencrypt/live/yourdomain/ path.

Install SSL for Apache in Rocky Linux

If everything went according to plan, you will get the output displayed.

SSL Enabled for Apache in Rocky Linux

Step 4: Auto-Renew SSL Certificate for Apache in Rocky Linux

Certbot provides a script for renewing the certificate just a few days before its expiry. You can perform a dry run to test the script as shown.

$ sudo certbot renew --dry-run

Now, to automate the renewal of the certificate, edit root's crontab, since the renewal needs root privileges to update the files under /etc/letsencrypt.

$ sudo crontab -e

Specify the cron job shown and save the changes.

0 * * * * /usr/bin/certbot renew
Renew SSL for Apache on Rocky Linux

Step 5: Verify Apache SSL Certificate in Rocky Linux

To confirm that your site is encrypted, simply head over to your browser and reload your website. This time around, you should see a padlock icon just before the website’s URL.

Check Apache SSL Certificate

To gather more details, click on the icon and click on the ‘Certificate’ option in the menu that appears.

Check Apache SSL Certificate Info

This populates all the certificate’s details as provided.

View Apache SSL Certificate Info

You can test the strength of your certificate by heading over to the SSL Labs Test. Provide the website’s URL or domain name and hit ENTER.

You should get an A rating as indicated here.

Check SSL Certificate Rating
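
A command-line complement to the browser check, added here as an example that is not part of the original guide: it verifies that the certificate under /etc/letsencrypt/live/yourdomain/ is not close to expiry, that privkey.pem is not readable by group or others, and that the key matches the certificate. The function names and the 21-day default threshold are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original guide): health checks for the files
# Certbot writes to /etc/letsencrypt/live/<domain>/. Function names are hypothetical.

# 0 = certificate valid for at least $2 more days, 1 = expires sooner, 2 = unreadable
cert_valid_for_days() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 = private key has no group/other permission bits, 1 = too open, 2 = missing
key_perms_ok() {
    kp_mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2   # -L: live/ holds symlinks
    case "$kp_mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# 0 = certificate and key carry the same public key, 1 = mismatch, 2 = unreadable
key_matches_cert() {
    km_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    km_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$km_cert" ] && [ "$km_cert" = "$km_key" ]
}

# Run all checks on a live directory; $2 = minimum days of validity (default 21,
# an assumed alert threshold for this example). Returns the number of failed checks.
check_live_dir() {
    cl_dir=$1 cl_days=${2:-21} cl_fail=0
    cert_valid_for_days "$cl_dir/fullchain.pem" "$cl_days" ||
        { echo "FAIL: certificate missing or expiring within $cl_days days"; cl_fail=$((cl_fail + 1)); }
    key_perms_ok "$cl_dir/privkey.pem" ||
        { echo "FAIL: privkey.pem missing or readable by group/others"; cl_fail=$((cl_fail + 1)); }
    key_matches_cert "$cl_dir/fullchain.pem" "$cl_dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; cl_fail=$((cl_fail + 1)); }
    [ "$cl_fail" -eq 0 ] && echo "OK: $cl_dir"
    return "$cl_fail"
}

# Usage: sudo sh check_cert.sh /etc/letsencrypt/live/yourdomain 21
if [ "$#" -ge 1 ]; then check_live_dir "$@"; fi
```

A failure of the expiry check while the cron job is in place means renewals are not succeeding and the Certbot logs should be reviewed.
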
Conclusion

If you have come this far, then you should be in a position to encrypt your Apache web server using the Let’s Encrypt SSL Certificate by leveraging the Certbot client from EFF.
