Blog

Installing an SSL Certificate on AlmaLinux

To properly install an SSL certificate on your AlmaLinux server running the Nginx web server, you’ll utilize Let’s Encrypt, a non-profit Certificate Authority (CA) issuing SSL certificates for free. The following step-by-step guide details the process, ensuring a secure connection to your domain.

Background and Prerequisites

Before initiating the SSL certificate installation process, ensure you’re running an AlmaLinux system accessible on the public Internet and possess a valid DNS A or CNAME record for your domain. Having a functional Web Server installed on your system is necessary. For this tutorial, Nginx will be installed as your Web Server.

Step 1: Connect to the Server as Root

To execute commands requiring root privileges, connect to your Linux server as the root user. Use the following command to switch to the root account:

bash
su -

Step 2: Install and Configure Nginx

Begin by installing the Nginx Web Server:

bash
dnf install -y nginx

After the installation, edit the /etc/nginx/nginx.conf file with your preferred text editor. Ensure to replace the default server name with your domain:

bash
nano /etc/nginx/nginx.conf

Change server_name _; to server_name your_domain;, then verify your Nginx configuration:

bash
nginx -t

Start and enable the web server:

bash
systemctl enable --now nginx

Ensure Nginx is running properly:

bash
systemctl status nginx

Step 3: Allow Inbound HTTP and HTTPS Traffic

For enabling HTTP and HTTPS traffic, use the following firewall commands:

bash
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Step 4: Test the Web Server

Access your domain in a web browser to confirm the web server’s functionality. For instance, use http://your_domain.

You should see a test page, indicating that the web server is running correctly.

Step 5: Install Certbot and Configure SSL

Install snapd

Add the EPEL repository and install the snapd package:

bash
dnf install -y epel-release
dnf install -y snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap

Install Certbot

Use snap to install certbot:

bash
snap install --classic certbot

To configure Nginx for HTTPS traffic and obtain a certificate, run certbot:

bash
/snap/bin/certbot --nginx

During the installation, provide your email address when prompted and answer “yes” to the questions as required.

Step 6: Auto-Renewal of SSL Certificate

Ensure the auto-renewal process is functioning:

bash
/snap/bin/certbot renew --dry-run

If the renewal is successful, you’ll receive the message: “Congratulations, all simulated renewals succeeded.”

Step 7: Verify the SSL Certificate

Access your domain over HTTPS via a web browser. Successful SSL certificate installation won’t display any errors or warnings.

Alternatively, check the SSL certificate from the command line using the curl utility:

bash
curl https://your_domain

A valid certificate will return the website content without any errors or warnings.

This comprehensive guide should assist in installing and validating an SSL certificate for your domain hosted on an AlmaLinux server running Nginx.

Scroll to Top