Securing your web server with SSL/TLS certificates is crucial for protecting sensitive data and ensuring secure communication between clients and servers. This guide will walk you through the process of installing SSL certificates on a Rocky Linux 8.10 system.
Prerequisites
Before you start, ensure you have:
- A running Rocky Linux 8.10 system
- A user account with sudo privileges
- Internet connectivity to download packages
- A registered domain name pointing to your server’s IP address
Step 1: Update Your System
First, update your system to ensure all existing packages are up to date.
$ sudo dnf update -y
Step 2: Install Apache or Nginx
You need a web server to install the SSL certificate on. This guide will cover the installation for both Apache and Nginx.
For Apache:
$ sudo dnf install httpd -y
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
For Nginx:
$ sudo dnf install nginx -y
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
Step 3: Install Certbot
Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt.
For Apache:
$ sudo dnf install epel-release -y   # certbot is packaged in EPEL on Rocky Linux 8
$ sudo dnf install certbot python3-certbot-apache -y
For Nginx:
$ sudo dnf install epel-release -y   # certbot is packaged in EPEL on Rocky Linux 8
$ sudo dnf install certbot python3-certbot-nginx -y
Step 4: Obtain an SSL Certificate
Use Certbot to obtain an SSL certificate. Certbot will automatically configure your web server to use the certificate.
For Apache:
$ sudo certbot --apache
For Nginx:
$ sudo certbot --nginx
You will be prompted to enter your email address and agree to the terms of service. Certbot will then automatically obtain and install the SSL certificate for your domain.
Step 5: Verify the Installation
After obtaining and installing the SSL certificate, you can verify the installation by accessing your website using https://. You can also use the curl command to check the HTTPS headers:
$ curl -I https://your_domain
You should see HTTP headers indicating a successful HTTPS connection.
Step 6: Set Up Automatic Renewal
Let’s Encrypt certificates are valid for 90 days. Certbot can automatically renew the certificates before they expire. To set up automatic renewal, create a cron job.
Open the crontab for editing:
$ sudo crontab -e
Add the following line to the crontab to check for renewal twice a day:
0 */12 * * * /usr/bin/certbot renew --quiet
This cron job will run the Certbot renew command twice a day and renew any certificates that are within 30 days of expiration.
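The cron job runs with --quiet, so a renewal that keeps failing goes unnoticed until the certificate expires. The script below is an added example, not part of the original guide: it reads the expiry date of the certificate the server actually presents and flags it once fewer than 30 days remain, which is the point at which Certbot should already have renewed it. The function names are hypothetical, and it assumes GNU date and the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example: detect a certificate that the renewal cron job should already have replaced.
# Assumes GNU date (as on Rocky Linux) and the openssl CLI. Function names are illustrative.

RENEW_WINDOW_DAYS=30   # certbot renews once a certificate is within 30 days of expiry

# secs_left "<notAfter string>" [now_epoch] -> seconds until expiry (negative once expired)
secs_left() {
    local not_after="$1" now="${2:-$(date +%s)}" expiry
    expiry=$(date -u -d "$not_after" +%s) || return 2
    echo $(( expiry - now ))
}

# classify <seconds_left> -> EXPIRED | RENEWAL_OVERDUE | OK
classify() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo RENEWAL_OVERDUE      # inside the renewal window, so renewal is not working
    else
        echo OK
    fi
}

# live_not_after <host> [port] -> notAfter of the certificate served on the wire
live_not_after() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_host <host> -> prints "<host> <days>d <status>"; non-zero exit unless status is OK
check_host() {
    local host="$1" not_after secs status
    not_after=$(live_not_after "$host")
    if [ -z "$not_after" ]; then
        echo "$host NO_CERTIFICATE"
        return 2
    fi
    secs=$(secs_left "$not_after") || return 2
    status=$(classify "$secs")
    echo "$host $(( secs / 86400 ))d $status"
    [ "$status" = OK ]
}

# Usage: ./check_cert.sh your_domain
if [ $# -gt 0 ]; then check_host "$1"; fi
```

Because it checks the served certificate rather than the files on disk, it also catches the case where Certbot renewed the certificate but the web server is still presenting the old one.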
Step 7: Troubleshooting
If you encounter any issues during the installation or renewal process, Certbot provides detailed logs that can help you diagnose the problem. The logs are located in /var/log/letsencrypt.
You can also test your SSL configuration using online tools like SSL Labs’ SSL Test.
Conclusion
You have successfully installed SSL certificates on your Rocky Linux 8.10 system using Certbot and Let’s Encrypt. Your web server is now secured with HTTPS, ensuring encrypted communication between your server and clients. For more detailed configurations and advanced usage, refer to the official documentation of each component.