How to Enable HTTPS Protocol on AlmaLinux 10

by
How to Enable HTTPS Protocol on AlmaLinux 10

This blog post teaches you how to enable HTTPS protocol on AlmaLinux 10. HTTPS is hypertext transfer protocol secure and is the secure version of the HTTP protocol. To increase security, the HTTPS protocol sends encrypted data between web browsers and websites. This is extremely important when the user transmits sensitive data, such as logging in, storing credit card information, paying online, etc. The HTTPS uses the SSL (Secure Socket Layer) to encrypt the transmitted data and verify the server’s identity.

In the next few paragraphs, we will explain in more detail how to enable the HTTPS Protocol. Let’s get started!

Prerequisites

  • A server running AlmaLinux 10
  • A valid domain pointed to the server IP address
  • User privileges: root or non-root user with sudo privileges

What is the HTTPS protocol, and how can it be enabled?

The HTTPS protocol is a secure way to access websites and transmit encrypted data. The HTTPS protocol uses the SSL protocol, and to enable HTTPS on AlmaLinux 10, we need to install an SSL certificate. SSL certificates would allow websites to use HTTPS. An SSL certificate is a data file hosted on a website’s origin server. So in this case, to enable HTTPS on AlmaLinux 10, we need a website, a domain name, an SSL certificate for that domain, and the most essential web server configuration files. We can use Apache, Nginx, and LiteSpeed as web servers. In this blog post, we will use the Apache Web server, so in the following paragraphs, we will show you the exact steps for enabling HTTPS on your website.

Step 1. Update the System

Before we execute any command on the server, it is recommended that the system packages be updated to the latest version available. To do that, execute this command on your command line:

sudo dnf update -y && sudo dnf upgrade -y

Step 2. Install Apache Web Server

To install the Apache Web server, execute the command below:

sudo dnf install httpd -y

Once installed, start and enable the service for automatic start on system boot:

sudo systemctl start httpd && sudo systemctl enable httpd

Check the status of the service:

sudo systemctl status httpd

You should get the following output:

root@host ~]# sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Mon 2025-04-07 15:22:35 CDT; 7min ago
 Invocation: 0d69cef33f884d6d9f8179803a955931
       Docs: man:httpd.service(8)
   Main PID: 97965 (httpd)
     Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec:   0 B/sec"
      Tasks: 177 (limit: 23175)
     Memory: 13.8M (peak: 14.1M)
        CPU: 685ms
     CGroup: /system.slice/httpd.service
             ├─97965 /usr/sbin/httpd -DFOREGROUND
             ├─97966 /usr/sbin/httpd -DFOREGROUND
             ├─97967 /usr/sbin/httpd -DFOREGROUND
             ├─97968 /usr/sbin/httpd -DFOREGROUND
             └─97969 /usr/sbin/httpd -DFOREGROUND

Apr 07 15:22:34 host.test.vps systemd[1]: Starting httpd.service - The Apache HTTP Server..

Step 3. Install Socat and Acme

We need to install some prerequisites on our server for the fake web server and client support features:

sudo dnf install socat -y && sudo curl https://get.acme.sh | sh && source ~/.bashrc

Step 4. Install a Free ZeroSSL certificate

ZeroSSL is a free SSL certificate authority created by CodeNotary, a software company known for its immutability and blockchain solutions for data integrity. To install ZeroSSL, first, we must create a ZeroSSL account:

acme.sh --register-account -m admin@your_domain.com --server zerossl

You should receive the following output:

[root@host conf.d]# acme.sh --register-account -m admin@yourdomain.com --server zerossl
[Mon Apr  7 16:19:37 CDT 2025] Account key creation OK.
[Mon Apr  7 16:19:37 CDT 2025] No EAB credentials found for ZeroSSL, let's obtain them
[Mon Apr  7 16:19:37 CDT 2025] Registering account: https://acme.zerossl.com/v2/DV90
[Mon Apr  7 16:19:40 CDT 2025] Registered
[Mon Apr  7 16:19:40 CDT 2025] ACCOUNT_THUMBPRINT='ZmR7AOpN7-zg72TcIUXIzFftKyidkjA6oF-fvf9pXoc'

Next, we need to stop the HTTPD service because generating ZeroSSL with the acme.sh script requires port 80 to be free.

sudo systemctl stop httpd

Once the httpd service is stopped, we can generate ZeroSSL with acme.sh:

acme.sh --issue --standalone -d your_domain.com --server zerossl

You should receive the following output:

[Mon Apr  7 16:24:29 CDT 2025] Your cert is in: /root/.acme.sh/yourdomain.com_ecc/yourdomain.com.cer
[Mon Apr  7 16:24:29 CDT 2025] Your cert key is in: /root/.acme.sh/yourdomain.com_ecc/yourdomain.com.key
[Mon Apr  7 16:24:29 CDT 2025] The intermediate CA cert is in: /root/.acme.sh/yourdomain.com_ecc/ca.cer
[Mon Apr  7 16:24:29 CDT 2025] And the full-chain cert is in: /root/.acme.sh/yourdomain.com_ecc/fullchain.cer

Step 5. Create Apache configuration file

If you access your server IP address in the browser, the browser will return the default Apache welcome page. However, installing an SSL certificate on an IP address is impossible. That is why we need to configure the Apache configuration file so the website can be accessible via the domain name. To do that, create the following file:

touch /etc/httpd/conf.d/website.conf

Once, open it with your favorite text editor and paste the following lines of code:

<VirtualHost *:80>
     ServerName yourdomain.com
     DocumentRoot /var/www/html
     <Directory /var/www/html/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>

     ErrorLog /var/log/httpd/yourdomain.com_error.log
     CustomLog /var/log/httpd/yourdomain.com.log combined
    Redirect permanent / https://yourdomain.com

</VirtualHost>

<VirtualHost *:443>
 ServerName yourdomain.com
 DocumentRoot /var/www/html
 SSLEngine on
 SSLCertificateFile /root/.acme.sh/yourdomain.com_ecc/fullchain.cer
 SSLCertificateKeyFile /root/.acme.sh/yourdomain.com_ecc/yourdomain.com.key
</VirtualHost>

Please save the file, close it, and check the syntax of the Apache configuration file.

httpd -t

You should get the following output

[root@host conf.d]# httpd -t
Syntax OK

Restart the httpd.service.

sudo systemctl restart httpd

Now, you can access your website via your domain securely via HTTPS at https://yourdomain.com

That’s it. You’ve successfully enabled HTTPS Protocol on AlmaLinux 10 OS.

Now, you don’t have to do this if you have difficulties and are unfamiliar with Linux and SSL certificates. You can always contact our technical support. Sign up for one of our NVMe VPS server plans and submit a support ticket. We are available 24/7 and will take care of your request immediately.

If you liked this post about enabling HTTPS on AlmaLinux 10, please share it with your friends or leave a comment below.

Leave a Comment