Install mod_ssl on Almalinux 8 / Rocky Linux 8 for the Apache httpd web server


Apache mod_ssl module can be installed to get SSL support on our HTTP server. Here we show you how to enable mod_ssl and mod_http2 for Apache web server on Almalinux or Rocky Linux 8 (RHEL based).

To get support for SSL v3 and TLS v1.x on Apache, this article helps you generate the required SSL certificate, including the associated private key.

Steps to install mod_ssl on Almalinux 8 / Rocky Linux 8

Install the Apache web server

The first thing you need to have on your Linux is the working Apache web server. It can be installed using a single command, i.e .:

sudo dnf install httpd

While to learn more, you can see our tutorial – Configuring Apache web server on AlmaLinux or Rocky Linux 8 server

Install mod_ssl on Rocky or AlmaLinux

Once you have the Apache web server, we can easily install the mode_ssl module using the DNF package manager as it is available through the default repository of these RHEL-based Linux systems:

sudo dnf install mod_ssl

Activate mod_ssl on Rocky Linux or AlmaLinux 8

Well, using the above command, in a few seconds the module will be installed on your server, however, we need to activate it. To do this, simply restart the httpd / Apache web server. So, that he might recognize the same.

sudo systemctl restart httpd

After restarting your web server, confirm that mod_SSL has been successfully activated for Apache.

apachectl -M | grep ssl

The output will be:

ssl_module (shared)

Enable SSL mode for Apache

Open port 443 in the firewall for Apache

As SSL (HTTPS) works on port 443, so to access it outside of the server we need to open it in Almalinux or Rocky Linux 8 firewall first.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Now you will be able to go to the Apache web server test page or any active website running using https protocol but with a certificate warning.

Add your purchased SSL certificate or Generate a self-signed certificate

Now there are two scenarios, one is you purchased an SSL certificate from a third party and you have the two files with the extension .CRT and .Key. If you already have the SSL certificate, add it in /etc/httpd/conf.d/ssl.conf.

While, the second scenario is that you don’t have an SSL certificate and want to generate a self-signed one to use at least for local use using OpenSSL.

To note: you can replace the server text in the command below with whatever you want to easily identify the keys.

sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/server.key -x509 -days 365 -out /etc/pki/tls/certs/server.crt

Once you run the above command, you will have two SSL files:

SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key


Now edit the SSL configuration file

sudo nano /etc/httpd/conf.d/ssl.conf

and replace it with the following two file paths That is with the SSL certificate you purchased Where generated by yourself using the command above.

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Here I’m assuming you want to use a self-generated certificate and then

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/server.crt


SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/private/server.key

to safeguard the file by pressing Ctrl + O and hit the Enter key to exit the file Ctrl + X.


Add a self-generated SSL certificate for the Apache web server

Restart your web server:

sudo systemctl reload httpd

Now you will be able to access the web server running websites through SSL HTTPS:

Redirect all http traffic to https

Those who want to redirect all their http (port80) traffic to https (443) by default can create the redirect configuration file:

sudo nanao /etc/httpd/conf.d/redirect_http.conf

Copy and paste the following line and change the domain or website URL

        Servername you-server
        Redirect permanent /

Save the file by pressing Ctrl + O and hit the Enter key to exit the file Ctrl + X.

To apply the changes, reload the web server:

sudo systemctl reload httpd

Now all http traffic will be redirected to HTTPS by activating mod_ssl on AlmaLinux or Rocky Linux 8; however, the thing to keep in mind the self-generated certificate will always get a certificate error. This is because self-signed certificates are not trusted by browsers because they were generated by you, and not by a certification authority (certification authority, an entity that issues digital certificates.).

Other articles:

• How to install the CloudPanel control panel on the Debian 10 server
• Install and configure the Lighttpd web server on Ubuntu
• How to connect AlmaLinux 8 via Windows RDP
• Install Rocky Linux 8 on Amazon AWS EC2…


Comments are closed.