How to Install Let’s Encrypt on AlmaLinux 10

SSL (Secure Sockets Layer) is a security protocol that secures communication between clients and servers over the internet. It protects sensitive data such as login information, credit card data, and other personal information sent over the internet. SSL works by encrypting data on the sender’s side, turning it into a form that unauthorized parties cannot read, and then decrypting it on the recipient’s side. Nowadays, websites are expected to use SSL certificates. In this article, we will show you how to install Let’s Encrypt on AlmaLinux 10.

To install Let’s Encrypt on AlmaLinux 10, you will need to:

  • Already be familiar with the Command Line. The Command Line is a way of interacting with a computer by typing text-based commands and receiving text-based replies. We will run the certbot command through SSH.
  • Already have an HTTP/HTTPS service with ports 80 and 443 open. The HTTP service on the server must already be active.
  • Have SSH access to the server, and have sudo (root) access. Sudo is the most common command on Unix-like operating systems to run certain commands as root (system administrator). If you’re logged into your server as a user other than root, you may need to put sudo before your Certbot command to have it run as root (e.g., sudo certbot instead of just certbot), especially if you’re re-using Certbot’s integration with a web server like Apache or Nginx. (The certbot-auto script automatically runs sudo if it’s needed and you don’t specify it.)

Conventions

# – given commands should be executed with root privileges either directly as a root user or by use of sudo command
$ – given commands should be executed as a regular user

Let’s Encrypt is a certificate authority that provides SSL/TLS certificates for free. Users are no longer required to use paid SSL certificates. Let’s Encrypt was initially released on April 12, 2016. To get a Let’s Encrypt certificate, you’ll need to choose a piece of ACME client software to use. The ACME protocol is used to verify that you control a given domain name and to issue you a certificate.

Most people use Certbot to generate and install an SSL/TLS certificate. There are some alternatives to Certbot, such as acme.sh, dehydrated, and getssl. These ACME clients are offered and maintained by third parties. Let’s Encrypt does not control or review third-party clients and cannot make any guarantees about their safety or reliability. In this article, we will use Certbot to generate and install an SSL certificate.

Install Certbot

Certbot is a tool to obtain SSL certificates from Let’s Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. To install Certbot on AlmaLinux 10, we need to install

If your server is running Apache

# dnf install python3-certbot-apache

If your server is running nginx

# dnf install python3-certbot-nginx

That’s it! Certbot should be installed on your server now.

Generate the SSL Certificate

We will use a domain called yourdomain.com as an example to get an SSL certificate. Make sure that this domain already has an Apache virtual host or nginx server block. If it does not, you can create one.

Apache

# nano /etc/httpd/conf.d/yourdomain.com.conf

Add the following into the file:

<VirtualHost *:80>
# Placeholder contact address; replace it with your own
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/html/yourdomain.com
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ErrorLog /var/log/httpd/yourdomain.com-error.log
CustomLog /var/log/httpd/yourdomain.com-access.log combined
</VirtualHost>

Make sure to replace yourdomain.com with your actual domain name pointing to your server.

After making changes to your Apache configuration, you should check the configuration before restarting the service.

# apachectl -t

If you see the “Syntax OK” message, then your configuration has no errors and you can restart Apache:

# systemctl restart httpd

Nginx

# nano /etc/nginx/conf.d/yourdomain.com.conf

Insert the following into the file:

server {
        listen 80;
        root /var/www/html/yourdomain.com;
        access_log /var/log/nginx/yourdomain.com.access.log;
        error_log /var/log/nginx/yourdomain.com.error.log;

        index index.html index.php;

        server_name yourdomain.com www.yourdomain.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

Nginx also has a tool to check the configuration file; we can run it before restarting the service.

# nginx -t

You will see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is okay, you can restart nginx.

# systemctl restart nginx

Now, to generate the SSL certificate, run this command:

# certbot

Once executed, you will be prompted for a few questions and see an output like this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for yourdomain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2025-08-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for cloud.example.com to /etc/nginx/conf.d/yourdomain.com.conf
Congratulations! You have successfully enabled HTTPS on https://yourdomain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
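
The Certbot output above names the certificate file, the key file and the expiry date. The script below is an added example, not part of the original article, that checks those files after issuance: remaining validity, that the private key matches the certificate, and that the key is not readable by group or others. The names check_cert and pubkey_of and the return codes are chosen for this example; it assumes the openssl command and GNU stat are available.

```shell
#!/bin/sh
# Added example: post-issuance check of the files Certbot reports.
# check_cert, pubkey_of and the return codes are names chosen for this example.

# Print the public key (PEM) held in a certificate or in a private key.
pubkey_of() {
    case $1 in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
    esac
}

# check_cert CERT KEY [MIN_DAYS]
# Returns: 0 = all checks pass
#          1 = certificate expires within MIN_DAYS (or cannot be parsed)
#          2 = private key does not belong to the certificate
#          3 = private key is readable by group or others
#          4 = a file is missing or unreadable
check_cert() {
    cert=$1
    key=$2
    min_days=${3:-30}

    [ -r "$cert" ] && [ -r "$key" ] || return 4

    # -checkend takes seconds and fails if the certificate expires before then.
    # With fullchain.pem, openssl reads the first certificate (the leaf).
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 1

    # Compare the public keys; an empty result must never count as a match.
    cert_pub=$(pubkey_of cert "$cert")
    key_pub=$(pubkey_of key "$key")
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2

    # -L follows the symlinks Certbot keeps under /etc/letsencrypt/live/.
    mode=$(stat -L -c '%a' "$key")
    case $mode in
        *00) ;;            # e.g. 600 or 400: owner only
        *)   return 3 ;;
    esac
    return 0
}

# Usage, as root, with the paths from the Certbot output:
#   check_cert /etc/letsencrypt/live/yourdomain.com/fullchain.pem \
#              /etc/letsencrypt/live/yourdomain.com/privkey.pem 30
```

A non-zero result from a scheduled run of this check is a signal that the automatic renewal has stopped working or that the key file's permissions have been changed.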

Congratulations! You have successfully learned how to install Let’s Encrypt on AlmaLinux 10.
