Introduction
Apache HTTP Server, commonly referred to as Apache, is one of the most widely used web servers in the world. The main advantages of Apache are considered to be reliability and configuration flexibility.
In this tutorial, we will install Apache together with Let's Encrypt on Rocky Linux 9.
Installation Guide
1. Update the system
Ensure your system is up to date:
dnf update -y
2. Install Apache
Run the following command to install Apache:
dnf install httpd -y
Run this command to automatically start Apache after every boot:
systemctl enable httpd
To start Apache run this command:
systemctl start httpd
Verify if Apache enabled successfully (status should be "active"):
systemctl status httpd
3. Allow HTTP and HTTPS
Next, we need to allow HTTP and HTTPS. You can do this in IPtables or firewall.
IPtables:
If you use IPtables, run these commands:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Save changes:
iptables-save | sudo tee /etc/sysconfig/iptables
Restart iptables to apply the changes:
systemctl restart iptables
Firewalld:
If you are using firewalld, run these commands to allow HTTP and HTTPS:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
4. Create Apache Virtual Host
Create a new Virtual Host configuration file for your domain. Replace yourdomain.ltd with your actual domain:
vi /etc/httpd/conf.d/yourdomain.com.ltd.conf
Paste this content into the file and replace yourdomain.ltd with your actual domain:
Save the file and exit (press "Esc", then type :wq and click "Enter").
5. Create the document root directory
Create the document root directory if it does not already exist (replace yourdomain with your actual domain):
mkdir -p /var/www/html/yourdomain
6. Set permissions
Now you need to set the permissions for the document root directory. Run these commands (replace yourdomain with your actual domain):
chown -R apache:apache /var/www/html/yourdomain
chmod -R 755 /var/www/html/yourdomain
7. Create Test page
To check if everything works correctly, create a test HTML page:
vi /var/www/html/yourdomain/index.html
Paste this content:
Then restart Apache to apply the changes:
systemctl restart httpd
At this point, your test page should be accessible via HTTP. For a secure connection via HTTPS, we need to install a Let's Encrypt certificate, so follow the instructions below.
8. Install Let's Encrypt certificate
First of all, install the EPEL repository:
dnf install epel-release -y
Then install Certbot:
dnf install certbot python3-certbot-apache -y
Finally, run Certbot to install SSL certificate for your domain:
certbot --apache
You may receive the following error message:
You can ignore it and continue.
You will need to select the domain you want to secure and enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and agree or disagree to share your email address with Electronic Frontier Foundation (optional).
After that, make sure to restart Apache:
systemctl restart httpd
Now you can open your browser, go to the test page and see it with a valid SSL certificate (via HTTPS). Click on the padlock icon in the address bar to see information about the certificate.
9. Manual and automatic SSL renewal
Let's Encrypt certificates are valid for 90 days and can be renewed manually or automatically.
To renew manually, run this command:
certbot renew
If the certificate is less than 30 days away from expiration, this command will renew it.
If you want to specify auto-renewal, you can create cronjob to run the above command twice a day automatically:
crontab -e
Add this line to the crontab:
You're all set. When necessary, certbot will renew your certificates and reload Apache to pick up the changes.