How To Install Certbot on AlmaLinux 10
Securing web applications with SSL certificates has become essential in today’s digital landscape. AlmaLinux 10, as a robust enterprise-grade Linux distribution, provides an excellent platform for hosting secure web services. Certbot stands out as the most reliable and automated solution for obtaining and managing SSL certificates from Let’s Encrypt, the world’s leading free certificate authority.
This comprehensive guide walks through the complete process of installing Certbot on AlmaLinux 10 systems. Whether running Apache or Nginx web servers, administrators will discover step-by-step instructions for certificate deployment, renewal automation, and security optimization. The tutorial covers both basic installation procedures and advanced configuration techniques, ensuring production-ready SSL implementations.
Modern web security demands go beyond simple HTTP connections. Search engines prioritize HTTPS-enabled websites, while users increasingly expect encrypted connections for all online interactions. Let’s Encrypt revolutionized SSL certificate accessibility by providing free, automated certificates that rival expensive commercial alternatives. Combined with AlmaLinux 10’s stability and Certbot’s automation capabilities, administrators can implement enterprise-grade security without complexity or cost barriers.
Prerequisites and System Requirements
Before beginning the Certbot installation process, several system requirements must be satisfied to ensure successful certificate deployment. AlmaLinux 10 servers require root or sudo administrative privileges for package installation and system configuration changes. The server should have adequate resources including at least 1GB RAM and 10GB available disk space, though these requirements may vary based on website traffic and additional services.
Network connectivity represents a critical prerequisite for Let’s Encrypt certificate validation. The server must maintain stable internet access to communicate with Let’s Encrypt’s ACME servers during certificate requests and renewals. Firewalls or network restrictions that block outbound HTTPS connections can prevent successful certificate generation.
Domain configuration requires proper DNS setup before attempting certificate installation. Each domain requesting SSL certificates must have valid A records pointing to the server’s public IP address. DNS propagation typically takes 24-48 hours, so domain configuration should be completed well before certificate installation attempts. Multiple domains or subdomains can be secured with single certificates, but each must resolve correctly to the target server.
Web server prerequisites depend on the chosen platform. Apache users need functional virtual host configurations with proper ServerName directives matching the requested certificate domains. Nginx requires server blocks with correctly configured server_name parameters. Both web servers should be running and responding to HTTP requests on port 80, as Let’s Encrypt uses HTTP-01 challenges for domain validation.
Security considerations include firewall preparation and user privilege management. Administrative access should follow principle of least privilege guidelines, using sudo rather than direct root access when possible. System backups are strongly recommended before making configuration changes, allowing quick recovery if issues arise during installation.
Understanding Let’s Encrypt and Certbot
Let’s Encrypt operates as a free, automated certificate authority that revolutionized SSL certificate accessibility through the ACME (Automatic Certificate Management Environment) protocol. Unlike traditional certificate authorities requiring manual verification processes and substantial fees, Let’s Encrypt provides domain-validated certificates through automated challenge-response mechanisms. This approach democratized SSL security, making encrypted connections accessible to individual developers and large enterprises alike.
Certificate validity periods are intentionally limited to 90 days, encouraging automation and reducing the impact of compromised private keys. While shorter than traditional certificates lasting one to three years, automated renewal processes make this limitation transparent to end users. The abbreviated validity period actually enhances security by forcing regular certificate rotation and reducing exposure windows for compromised credentials.
Certbot serves as the official ACME client recommended by Let’s Encrypt, though numerous alternative clients exist for specialized use cases. Written in Python, Certbot provides plugins for popular web servers including Apache and Nginx, automatically configuring SSL settings after certificate generation. The tool handles certificate requests, domain validation, installation, and renewal scheduling with minimal administrator intervention.
The ACME protocol supports multiple validation methods for proving domain ownership. HTTP-01 challenges require placing specific files in the domain’s web root directory, allowing Let’s Encrypt servers to verify control through HTTP requests. DNS-01 challenges involve creating specific TXT records in the domain’s DNS configuration, enabling wildcard certificate generation and supporting domains without web servers. Certbot supports both validation methods, automatically selecting appropriate mechanisms based on server configuration and certificate requirements.
Certificate types available through Let’s Encrypt focus on domain validation rather than extended validation or organization validation certificates. While this limits certain enterprise use cases requiring identity verification, domain-validated certificates provide identical encryption strength and browser trust indicators. Wildcard certificates covering all subdomains within a domain are available through DNS-01 validation, though they require manual DNS management or automated DNS API integration.
Initial System Preparation
System preparation begins with updating AlmaLinux 10 packages to ensure compatibility and security. Package managers occasionally experience conflicts with outdated system components, making updates essential before installing new software. The DNF package manager handles dependency resolution and package installation on AlmaLinux systems.
sudo dnf update -yThe update process downloads and installs all available security patches and package updates. Systems with extensive package installations may require several minutes for completion. Rebooting after major kernel updates ensures all changes take effect properly.
EPEL (Extra Packages for Enterprise Linux) repository installation provides access to additional software packages not included in default AlmaLinux repositories. Certbot and related Python packages are distributed through EPEL, making repository installation mandatory for certificate management tools.
sudo dnf install epel-release -yRepository configuration verification ensures proper package source availability:
sudo dnf repolistEssential dependencies vary between Apache and Nginx installations, but several common packages support both configurations. Python 3 and related development tools enable Certbot operation, while SSL/TLS libraries provide cryptographic functionality. Network diagnostic tools assist with troubleshooting connection issues during certificate validation.
sudo dnf install python3 python3-pip wget curl -yFirewall preparation involves checking current configurations without making immediate changes. AlmaLinux 10 systems typically use firewalld for network security management. Understanding existing rules prevents conflicts during later configuration steps.
sudo firewall-cmd --list-all
sudo systemctl status firewalldTime synchronization verification ensures accurate timestamps during certificate validation. Let’s Encrypt servers reject requests with significant time discrepancies, making NTP synchronization critical for successful certificate generation.
sudo timedatectl statusIf time synchronization appears disabled, enable NTP services:
sudo timedatectl set-ntp trueInstalling Certbot for Apache
Apache web server integration requires specific Certbot plugins and SSL modules for automated certificate installation and configuration. The python3-certbot-apache package provides native Apache integration, automatically modifying virtual host files and SSL directives during certificate deployment.
sudo dnf install certbot python3-certbot-apache mod_ssl -yThe mod_ssl module enables SSL/TLS functionality within Apache, providing encryption capabilities and configuration directives. Most AlmaLinux 10 installations include mod_ssl by default, but explicit installation ensures availability.
Apache virtual host configuration verification prevents certificate installation failures. Each domain requesting SSL certificates requires properly configured virtual hosts with matching ServerName directives. Virtual host files typically reside in /etc/httpd/conf.d/ directory, though custom configurations may use alternative locations.
Example virtual host configuration for SSL certificate compatibility:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
<Directory /var/www/html/example.com>
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/example.com_error.log
CustomLog /var/log/httpd/example.com_access.log combined
</VirtualHost>Apache syntax validation prevents service failures during certificate installation:
sudo httpd -tService status verification ensures Apache operates correctly before certificate installation attempts:
sudo systemctl status httpd
sudo systemctl enable httpdCertbot installation verification confirms proper package installation and plugin availability:
certbot --version
certbot pluginsThe plugins command displays available authentication and installation plugins. Apache installations should show “apache” in both authentication and installation plugin lists.
Web server accessibility testing verifies HTTP connections function properly before SSL certificate installation. Domain resolution and web server response validation prevent common certificate installation failures:
curl -I http://example.comLog file preparation enables troubleshooting during certificate installation processes. Apache error logs provide detailed information about configuration issues and request processing problems:
sudo tail -f /var/log/httpd/error_logInstalling Certbot for Nginx
Nginx web server installations require different Certbot plugins specifically designed for Nginx configuration management. The python3-certbot-nginx package provides automated certificate installation and SSL configuration for Nginx server blocks.
sudo dnf install certbot python3-certbot-nginx -yNginx configuration file structure differs significantly from Apache virtual hosts, using server blocks within the main configuration file or separate include files. Server block configuration must include proper server_name directives matching certificate domain names.
Example Nginx server block configuration:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/html/example.com;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
}Nginx syntax validation prevents service interruptions during certificate installation:
sudo nginx -tConfiguration reload testing ensures Nginx processes configuration changes properly:
sudo systemctl reload nginx
sudo systemctl status nginxPlugin verification confirms Nginx-specific Certbot functionality:
certbot plugins | grep nginxNginx log monitoring prepares troubleshooting capabilities for certificate installation processes:
sudo tail -f /var/log/nginx/error.logServer block validation ensures proper domain configuration before certificate requests. Multiple server blocks can share SSL certificates, but each must include appropriate server_name directives for certificate validation.
Document root permissions verification prevents Let’s Encrypt validation failures during HTTP-01 challenges:
sudo ls -la /var/www/html/
sudo chown -R nginx:nginx /var/www/html/Obtaining SSL Certificates
SSL certificate generation represents the core Certbot functionality, automatically handling domain validation, certificate creation, and web server configuration. The process varies slightly between Apache and Nginx installations, but both use similar ACME protocol interactions with Let’s Encrypt servers.
Apache certificate generation utilizes the integrated Apache plugin for automated configuration:
sudo certbot --apacheThe interactive certificate generation process guides administrators through domain selection, email configuration, and terms of service agreement. Certbot automatically detects configured virtual hosts and presents domain options for certificate inclusion.
Multiple domains can be secured with single certificates by selecting all relevant domains during the interactive process. Subject Alternative Name (SAN) certificates support up to 100 domains, though practical limitations suggest keeping certificate scope manageable for easier administration.
Nginx certificate generation follows similar interactive processes with Nginx-specific configuration management:
sudo certbot --nginxNon-interactive certificate generation enables automation and scripting for large-scale deployments:
sudo certbot --apache --non-interactive --agree-tos --email admin@example.com -d example.com -d www.example.comThe --expand flag allows adding domains to existing certificates without regenerating all certificates:
sudo certbot --apache --expand -d example.com -d www.example.com -d mail.example.comStandalone mode provides alternative validation methods when web servers cannot be temporarily stopped:
sudo certbot certonly --standalone -d example.comWebroot mode enables certificate generation without interrupting web server operation by placing validation files in specified directories:
sudo certbot certonly --webroot -w /var/www/html/example.com -d example.comCertificate file locations follow predictable patterns within /etc/letsencrypt/live/domain.com/ directories:
cert.pem: Server certificatechain.pem: Intermediate certificate chainfullchain.pem: Certificate plus chain (recommended for most applications)privkey.pem: Private key (requires strict access controls)
Manual certificate verification confirms successful generation and proper file permissions:
sudo certbot certificates
sudo ls -la /etc/letsencrypt/live/example.com/Certificate information display provides validation details and expiration dates:
sudo openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -nooutFirewall Configuration
Firewall configuration enables external access to HTTP and HTTPS services while maintaining security for other system services. AlmaLinux 10 systems typically use firewalld for network security management, providing zone-based firewall controls and service-specific rule management.
HTTP and HTTPS service enabling allows web traffic through the firewall:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadPort-specific rules provide alternative configuration methods when service definitions are insufficient:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reloadFirewall status verification confirms rule activation:
sudo firewall-cmd --list-services
sudo firewall-cmd --list-portsZone-specific configurations enable different security policies for various network interfaces. Public zones typically receive restrictive rules, while trusted zones allow broader access:
sudo firewall-cmd --zone=public --list-all
sudo firewall-cmd --get-default-zoneRich rules provide advanced traffic filtering based on source addresses, port ranges, or protocol specifications:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="https" accept'Logging configuration assists with security monitoring and troubleshooting connection issues:
sudo firewall-cmd --set-log-denied=all
sudo firewall-cmd --runtime-to-permanentAlternative firewall solutions like iptables require different configuration approaches but achieve similar results. Direct iptables rules provide maximum flexibility at the cost of increased complexity:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPTExternal connectivity testing verifies firewall rule effectiveness from external networks:
telnet example.com 443
nmap -p 80,443 example.comTesting and Verification
SSL certificate verification ensures proper installation and browser compatibility through multiple testing methodologies. Browser-based testing provides the most user-relevant validation, while command-line tools offer detailed technical analysis of certificate configuration and security parameters.
Browser verification involves accessing secured domains through HTTPS connections and examining certificate information through browser security indicators. Modern browsers display lock icons for valid certificates, warning indicators for problematic configurations, and detailed certificate information through developer tools or security tabs.
Certificate chain validation confirms proper intermediate certificate installation, preventing browser warnings about incomplete certificate chains:
openssl s_client -connect example.com:443 -servername example.comThe command output includes certificate chain information, SSL/TLS protocol versions, cipher suites, and connection establishment details. Successful validation displays “Verify return code: 0 (ok)” messages.
Certificate expiration checking prevents service interruptions from expired certificates:
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -datesSSL Labs SSL Test provides comprehensive certificate analysis through web-based testing tools. The service evaluates certificate installation, protocol support, cipher suite configuration, and security vulnerabilities, assigning letter grades for overall SSL security.
Performance impact assessment measures SSL handshake overhead and connection establishment timing:
curl -w "@curl-format.txt" -o /dev/null -s "https://example.com/"The curl-format.txt file contains timing format specifications:
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\nCertificate transparency log verification ensures certificate issuance transparency and detects unauthorized certificate generation:
curl -s "https://crt.sh/?q=example.com&output=json" | jq '.[0]'Mixed content detection identifies HTTP resources loaded over HTTPS connections, preventing security warnings and potential vulnerabilities. Browser developer tools highlight mixed content issues, while automated scanning tools provide comprehensive analysis.
Automatic Certificate Renewal
Automatic certificate renewal eliminates manual intervention requirements for maintaining valid SSL certificates. Let’s Encrypt’s 90-day certificate validity period necessitates reliable renewal automation to prevent service interruptions from expired certificates.
Certbot installs systemd timers automatically during installation, providing automated renewal scheduling without additional configuration. The renewal process attempts certificate updates twice daily, though actual renewals only occur for certificates approaching expiration within 30 days.
Renewal timer status verification confirms proper scheduling:
sudo systemctl status certbot-renew.timer
sudo systemctl list-timers certbot-renew.timerManual renewal testing validates the renewal process without waiting for scheduled execution:
sudo certbot renew --dry-runThe dry-run option simulates renewal processes without modifying existing certificates, identifying potential issues before actual renewal attempts. Successful dry-run results indicate properly configured automatic renewal.
Renewal hook scripts enable custom actions during certificate renewal processes. Pre-hooks execute before renewal attempts, while post-hooks run after successful renewals. Deploy hooks activate after certificate deployment but not during dry-run testing.
Example post-renewal hook for web server reloading:
sudo mkdir -p /etc/letsencrypt/renewal-hooks/post
sudo nano /etc/letsencrypt/renewal-hooks/post/reload-webserver.shHook script content:
#!/bin/bash
systemctl reload httpd
systemctl reload nginxHook script permissions configuration:
sudo chmod +x /etc/letsencrypt/renewal-hooks/post/reload-webserver.shRenewal configuration customization enables specific renewal behaviors for individual certificates. Configuration files reside in /etc/letsencrypt/renewal/ directory, containing domain-specific renewal parameters.
Email notification configuration ensures administrators receive renewal status updates:
sudo certbot --email admin@example.comLog file monitoring provides renewal process visibility:
sudo tail -f /var/log/letsencrypt/letsencrypt.logRenewal failure detection and alerting prevent service interruptions from failed renewal attempts. Monitoring systems should track renewal log entries and certificate expiration dates, generating alerts for manual intervention requirements.
Troubleshooting Common Issues
Certificate installation and renewal processes occasionally encounter issues requiring systematic troubleshooting approaches. Common problems include domain validation failures, DNS propagation delays, web server configuration conflicts, and network connectivity issues.
Domain validation errors typically result from DNS misconfigurations, firewall restrictions, or web server problems. Let’s Encrypt validation servers must successfully access domain resources through HTTP-01 challenges or verify DNS TXT records for DNS-01 challenges.
DNS propagation checking verifies domain resolution from Let’s Encrypt’s perspective:
dig +short example.com
nslookup example.com 8.8.8.8Web server accessibility testing identifies HTTP connection issues:
curl -I http://example.com/.well-known/acme-challenge/testRate limiting errors occur when exceeding Let’s Encrypt’s request quotas. Certificate requests are limited to 50 certificates per registered domain per week, with failed validation limits of 5 failures per hour. Rate limit resets require waiting for quota refresh periods.
Certificate installation conflicts arise from existing SSL configurations or incompatible web server settings. Backup and remove conflicting SSL configurations before attempting Certbot installation:
sudo cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.backup
sudo mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.disabledPort accessibility problems prevent Let’s Encrypt validation servers from reaching target domains. Network Address Translation (NAT), Content Delivery Networks (CDNs), and proxy services can interfere with validation processes.
External port testing verifies accessibility:
nmap -p 80,443 example.com
telnet example.com 80Permission errors during certificate installation typically involve insufficient privileges or restrictive file permissions. Certbot requires root access for system configuration modifications and certificate file management.
Debug mode activation provides detailed troubleshooting information:
sudo certbot --apache --debug -vCertificate chain issues prevent proper browser trust validation. Missing intermediate certificates cause browser warnings despite valid end-entity certificates. Certbot automatically includes intermediate certificates, but manual installations may require explicit chain configuration.
Renewal failures often result from changed server configurations, expired validation tokens, or network connectivity problems. Renewal process debugging requires examining renewal configuration files and testing domain accessibility.
Manual certificate management enables recovery from automated process failures:
sudo certbot delete --cert-name example.com
sudo certbot certonly --manual -d example.comSecurity Best Practices
SSL certificate deployment represents only the foundation of comprehensive web security. Advanced security configurations enhance encryption strength, prevent protocol downgrade attacks, and implement defense-in-depth strategies protecting against evolving threats.
Protocol version restrictions disable vulnerable SSL/TLS versions while maintaining compatibility with modern clients. SSLv2 and SSLv3 contain known vulnerabilities requiring immediate disabling, while TLS 1.0 and 1.1 are deprecated and should be avoided when possible.
Apache SSL protocol configuration:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1Nginx SSL protocol configuration:
ssl_protocols TLSv1.2 TLSv1.3;Cipher suite optimization balances security and performance by prioritizing strong encryption algorithms while maintaining broad client compatibility. Modern cipher suites support Perfect Forward Secrecy (PFS), ensuring session key compromise doesn’t affect past communications.
Strong cipher suite configuration for Apache:
SSLCipherSuite ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!aNULL:!MD5:!DSS
SSLHonorCipherOrder onNginx cipher suite configuration:
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;HTTP Strict Transport Security (HSTS) headers prevent protocol downgrade attacks by instructing browsers to use HTTPS exclusively for specified domains. HSTS policies persist across browser sessions, providing lasting protection against man-in-the-middle attacks.
HSTS configuration for Apache:
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"HSTS configuration for Nginx:
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;Certificate backup procedures ensure recovery capabilities during disasters or system failures. Private keys require particular attention due to security sensitivity and recovery complexity.
Certificate backup script:
#!/bin/bash
BACKUP_DIR="/backup/ssl-certificates/$(date +%Y%m%d)"
sudo mkdir -p $BACKUP_DIR
sudo cp -r /etc/letsencrypt/ $BACKUP_DIR/
sudo tar -czf $BACKUP_DIR/letsencrypt-backup.tar.gz -C $BACKUP_DIR letsencrypt/
sudo chmod 600 $BACKUP_DIR/letsencrypt-backup.tar.gzSecurity header implementation provides additional protection against common web vulnerabilities. Content Security Policy (CSP) headers mitigate cross-site scripting attacks, while X-Frame-Options prevent clickjacking attempts.
Comprehensive security headers for Nginx:
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";Advanced Configuration and Optimization
Advanced SSL configurations optimize performance while maintaining security through sophisticated caching mechanisms, modern protocol implementations, and efficient resource utilization. These optimizations become particularly important for high-traffic websites requiring minimal latency and maximum throughput.
SSL session caching reduces computational overhead by reusing cryptographic negotiations across multiple connections. Both Apache and Nginx support various caching mechanisms with different performance characteristics and memory requirements.
Apache SSL session cache configuration:
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLUseStapling on
SSLStaplingCache shmcb:/var/cache/mod_ssl/stapling-cache(128000)Nginx SSL session caching:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;OCSP (Online Certificate Status Protocol) stapling improves certificate validation performance by including revocation information in SSL handshakes. This optimization reduces client-side validation latency while enhancing privacy by eliminating direct client-to-CA communications.
HTTP/2 protocol implementation provides significant performance improvements through multiplexing, server push capabilities, and header compression. Modern browsers require SSL/TLS connections for HTTP/2 support, making certificate installation prerequisites for protocol upgrades.
Apache HTTP/2 configuration:
LoadModule http2_module modules/mod_http2.so
Protocols h2 h2c http/1.1
H2Push on
H2PushPriority * after 32
H2PushPriority text/css before 64
H2PushPriority application/javascript after 64Nginx HTTP/2 configuration:
listen 443 ssl http2;
http2_push_preload on;Wildcard certificate deployment enables securing unlimited subdomains with single certificates, simplifying management for large-scale deployments. DNS-01 validation is required for wildcard certificates, necessitating automated DNS management or manual TXT record updates.
Wildcard certificate generation:
sudo certbot certonly --manual --preferred-challenges=dns -d example.com -d *.example.comCertificate transparency monitoring detects unauthorized certificate issuance and provides insight into certificate ecosystem security. Automated monitoring systems can alert administrators to unexpected certificate generation, indicating potential security compromises.
Load balancer SSL termination centralizes certificate management in distributed environments while reducing computational overhead on backend servers. This architecture requires careful planning to maintain end-to-end encryption when necessary.
Configuration management integration enables automated certificate deployment across multiple servers through tools like Ansible, Puppet, or Chef. Infrastructure as Code approaches ensure consistent SSL configurations and simplified renewal processes.
Congratulations! You have successfully installed Certbot. Thanks for using this tutorial for installing Certbot on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official Certbot website.
