SSL on AlmaLinux ARM

Running 9 on a Raspberry Pi 4 Model B Rev 1.2, runs great, using Cloudflare for DNS, but cannot get SSL to work. Does Apache install not support SSL on ARM? I’ve googled, forum search, even ChatGPT’d this thing to death. What am I missing?

You probably should stop using the term “SSL” in your searches as nobody uses SSL any more, its TLS these days, even though we still call them SSL certs and OpenSSL etc.

You can get free SSL (TLS!) certs from letsencrypt who have plugins for Cloudflare e.g. certbot-dns-cloudflare

Then you need to look into configuring Apache 2.4 to use the certificate - I really would skip self-signed certs and just get a letsencrypt wildcard cert.

To get you started:

sudo dnf install epel-release
sudo dnf install certbot python3-certbot-dns-cloudflare python3-certbot httpd mod_ssl

Thanks. The world still seems to be saying SSL and I’m like 55 so I learn slowly :slight_smile:

I will try Certbot again.

I finally managed to get it all working, but it was a lot of steps. I am spoiled by years of WHM/Cpanel, and other web admin scripts that don’t run on almalinux arm, so this all had to be done manually and it was a lot of effort in various conf files, etc.

I have three Pi 4s I got for free, so I am running difficult Linux flavors on each to see how far I can push them, for fun, with WP sites, etc. DietPi was the easiest to configure for SSL and the lot so far. Almalinux was a lot of manual work because some of the things needed are work-arounds from the non arm version.

This helped vs self-signed:
sudo dnf install certbot python3-certbot-dns-cloudflare python3-certbot

the nice thing about the certbot dns plugin for cloudflare is that you can do a wildcard cert that will work on your LAN, you don’t have to expose it to the internet or even have an A record like with the http method.

i’m surprised there’s any difference between the pi and x86_64, i guess the docker stuff is more complicated maybe?

give me a shout if you need more help.

I think there was just some things that are different, but for the most part almalinux is almalinux. It was a learning curve. I run two other Pi4s, and after getting almalinux arm working with the full LAMP stack and TLS now, I put a headless Raspian on another and ran Virtualmin with no issues. So, three new flavors of Linux on three Pi4s to experiment with! I went almalinux on one because it’s what I have on my dedicated hosted server, and a couple of locals to replace CentOS. And I bought the t-shirt. :slight_smile: Thanks for the help offer, at the moment between you, me and ChatGPT I think its all working.