To properly install an SSL certificate on your AlmaLinux server running the Nginx web server, you’ll utilize Let’s Encrypt, a non-profit Certificate Authority (CA) issuing SSL certificates for free. The following step-by-step guide details the process, ensuring a secure connection to your domain.
Background and Prerequisites
Before starting the SSL certificate installation, make sure your AlmaLinux system is accessible on the public Internet and that you have a valid DNS A or CNAME record for your domain. A working web server is also required; this tutorial installs Nginx as the web server.
Step 1: Connect to the Server as Root
To execute commands requiring root privileges, connect to your Linux server as the root user. Use the following command to switch to the root account:
```bash
su -
```
Step 2: Install and Configure Nginx
Begin by installing the Nginx Web Server:
```bash
dnf install -y nginx
```
After the installation, edit the /etc/nginx/nginx.conf file with your preferred text editor and replace the default server name with your domain:
```bash
nano /etc/nginx/nginx.conf
```
Change the line server_name _; so that it reads server_name your_domain; and then verify your Nginx configuration:
```bash
nginx -t
```
Start and enable the web server:
```bash
systemctl enable --now nginx
```
Ensure Nginx is running properly:
```bash
systemctl status nginx
```
Step 3: Allow Inbound HTTP and HTTPS Traffic
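To allow inbound HTTP and HTTPS traffic, run the following firewall commands:
```bash
# Open ports 80 and 443 in the public zone (persistent across reboots)
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
# Apply the permanent rules to the running firewall
firewall-cmd --reload
```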
Step 4: Test the Web Server
Access your domain in a web browser to confirm the web server’s functionality. For instance, use http://your_domain.
You should see a test page, indicating that the web server is running correctly.
Step 5: Install Certbot and Configure SSL
Install snapd
Add the EPEL repository and install the snapd package:
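```bash
# snapd is packaged in EPEL
dnf install -y epel-release
dnf install -y snapd
# Start the snapd communication socket now and on every boot
systemctl enable --now snapd.socket
# Classic snaps such as certbot expect the /snap path
ln -s /var/lib/snapd/snap /snap
```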
Install Certbot
Use snap to install certbot:
```bash
snap install --classic certbot
```
To configure Nginx for HTTPS traffic and obtain a certificate, run certbot:
```bash
/snap/bin/certbot --nginx
```
During the installation, provide your email address when prompted and answer “yes” to the questions as required.
Step 6: Auto-Renewal of SSL Certificate
Ensure the auto-renewal process is functioning:
```bash
/snap/bin/certbot renew --dry-run
```
If the renewal is successful, you’ll receive the message: “Congratulations, all simulated renewals succeeded.”
Step 7: Verify the SSL Certificate
Access your domain over HTTPS in a web browser. If the SSL certificate is installed correctly, the browser shows no errors or warnings.
Alternatively, check the SSL certificate from the command line using the curl utility:
```bash
curl https://your_domain
```
With a valid certificate, curl returns the website content without any certificate errors or warnings.
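The curl test only shows that the handshake succeeded. As an added example (not part of the original guide), the script below reads the certificate Nginx actually serves and checks that it names your domain and is not close to expiry. The CERT_CHECK_DOMAIN variable, the function names and the 30-day threshold are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not from the original guide. Needs openssl 1.1.1+ and GNU date.
# MIN_DAYS is an assumed alert threshold, not a value taken from the guide.
MIN_DAYS=${MIN_DAYS:-30}

# Print issuer, expiry and SAN of the certificate served for $1 on port 443.
fetch_cert_info() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer -enddate -ext subjectAltName
}

# Whole days between "now" ($2, epoch seconds, defaults to the current time)
# and the notAfter= line found in the openssl output passed as $1.
days_left() {
    not_after=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
    [ -n "$not_after" ] || return 2
    expiry=$(date -u -d "$not_after" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (expiry - now) / 86400 ))
}

# Succeed only if the SAN list in $1 contains the exact entry DNS:$2.
san_covers() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qxF "DNS:$2"
}

# Combined check: the name must be covered and expiry at least MIN_DAYS away.
check_cert() {
    san_covers "$1" "$2" || { echo "FAIL: certificate does not name $2"; return 1; }
    left=$(days_left "$1" "$3") || { echo "FAIL: no expiry date found"; return 1; }
    [ "$left" -ge "$MIN_DAYS" ] || { echo "WARN: $left days left, check renewal"; return 1; }
    echo "OK: $2 covered, $left days left"
}

# Query a live host only when CERT_CHECK_DOMAIN is set, e.g.
#   CERT_CHECK_DOMAIN=your_domain sh check_cert.sh
if [ -n "${CERT_CHECK_DOMAIN:-}" ]; then
    check_cert "$(fetch_cert_info "$CERT_CHECK_DOMAIN")" "$CERT_CHECK_DOMAIN"
fi
```

A WARN result on a certificate that should already have been renewed is a cue to rerun the dry-run from Step 6 and read its output.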
This comprehensive guide should assist in installing and validating an SSL certificate for your domain hosted on an AlmaLinux server running Nginx.