How To Install Let’s Encrypt SSL with LEMP on AlmaLinux 8

Install Free SSL Certificate with LEMP on AlmaLinux 8

In this tutorial, we will show you how to install Let’s Encrypt SSL with LEMP on AlmaLinux 8. For those of you who didn’t know, Let’s Encrypt is the free SSL option for you. Let’s Encrypt can be signed through Certbot, a free, open-source software tool for automatically issuing the SSL Certificate.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of a free SSL certificate with LEMP on an AlmaLinux 8. You can follow the same instructions for CentOS and Rocky Linux.

Prerequisites

  • A server running one of the following operating systems: AlmaLinux 8, CentOS, and Rocky Linux 8.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo useror access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Let’s Encrypt SSL with LEMP on AlmaLinux 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf update
sudo dnf install epel-release mod_ssl

Step 2. Installing a LEMP server.

An AlmaLinux LEMP server is required. If you do not have LEMP installed, you can follow our guide here.

Step 3. Installing Certbot.

Now we install the Certbot client which is used to create Let’s Encrypt certificates:

sudodnf installcertbot python3-certbot-nginx

To verify the Certbot installation run:

certbot --version

Step 4. Installing free SSL Let’s Encrypt on AlmaLinux.

Now we use the Certbot command to issue a Let’s Encrypt certificate. Replace your-domain.com and admin@your-domain.com with your domain name and email :

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email admin@your-domain.com -d your-domain.com

During installation, This will generate a set of prompts that you will need to answer. If all goes well, you should receive the following message:

Requesting a certificate for yourdomain.com
Performing the following challenges:
http-01 challenge for your-domain.com
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: admin@your-domain.com).

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your certificate will expire on 2021-08-25. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, when you are finished using Certbot, you can check your SSL certificate status. Type the following link to your web browser:

https://www.ssllabs.com/ssltest/analyze.html?d=your-domian.com

Install Let's Encrypt SSL with LEMP on AlmaLinux 8

Step 5. Configure Firewall.

Now add firewall rules to allow connections as well as HTTP (port 80) and HTTPS (port 443) traffic:

sudo firewall-cmd --permanent --add-port=80/tcp --zone=public
sudo firewall-cmd --permanent --add-port=443/tcp --zone=public
sudo firewall-cmd --reload

Congratulations! You have successfully installed a free SSL certificate. Thanks for using this tutorial for installing Certbot on your AlmaLinux 8 system. For additional help or useful information, we recommend you check the official Certbot website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!