How to install Let's Encrypt on your Apache Server!

Written by Adam. R on Sep 15th, 2021

What is Let's Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).


Installing

Just to let you know, I already made an Apache installation tutorial, but I will remake it here so the tutorial will be smooth.


To begin, let's update our packages by running the following commands:

sudo apt update
sudo apt upgrade

Step 1. Install the Apache Web Server

We chose to use one of the most popular web servers in our article. We will be installing Apache2 since we need a web server on which to install the free Let’s Encrypt SSL certificate. There’s no point in having an SSL certificate without any webpages.

Execute the following command to install Apache2:

sudo apt install apache2

Once Apache2 is installed on your server, you will be able to use the commands below to start, stop, and enable the service. We recommend enabling it so that Apache can start up automatically whenever your server reboots.

sudo systemctl stop apache2.service
sudo systemctl start apache2.service
sudo systemctl enable apache2.service

To confirm that you have properly installed Apache2, you can open your preferred web browser and type your server IP address or your domain (we assume it is pointed to your server) and you should be able to view the Apache2 Ubuntu Default Page.


Step 3. Configure the Apache Virtual Host

Create a virtual host configuration file for your domain:

sudo nano /etc/apache2/sites-available/domain.com.conf

Then paste the configuration from below into the file, and replace all occurrences of domain.com with your actual domain name.

<VirtualHost *:80>
    DocumentRoot /var/www/html/domain.com
    ServerName domain.com
    ServerAlias www.domain.com

    <Directory /var/www/html/domain.com/>
        Options FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

After you have finished editing the file, save and close it.

Once you have configured the virtual host, you can enable it by executing the following commands.

Disable the default preinstalled virtual host with:

sudo a2dissite 000-default

Then enable the domain.com virtual host:

sudo a2ensite domain.com.conf

Also, make sure that the rewrite module (mod_rewrite) is enabled:

sudo a2enmod rewrite

Restart Apache so the changes will take effect.

sudo systemctl restart apache2.service

Step 4. Install Certbot (Let's Encrypt)

As mentioned earlier, we will be using Certbot so that we can get a free SSL certificate from Let’s Encrypt. To install this useful tool, we need to enable the universe repository:

sudo apt install software-properties-common
sudo add-apt-repository universe
sudo apt update

Run this command to install Certbot and its Apache plugin:

sudo apt install certbot python3-certbot-apache

Step 5. Generate a Free Let’s Encrypt SSL Certificate (The best part!)

There are many ways to obtain an SSL certificate with Certbot. We will use the Apache plugin, which will take care of reconfiguring Apache’s Virtual Host and will reload the new configuration for us. You can run the following command to use the plugin:

sudo certbot --apache

BEFORE YOU RUN THIS COMMAND, MAKE SURE YOUR DOMAIN HAS AN A RECORD POINTING TO YOUR SERVER'S IP ADDRESS! THE RECORD NAME HAS TO BE THE ROOT: SET THE NAME TO @ OR LEAVE IT BLANK.
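
A pre-flight check for the DNS requirement above, added here as an example and not part of the original tutorial: it reads the ServerName and ServerAlias values from the virtual host file (the names Certbot will offer) and checks that each has an A record for your server. The function names and the 203.0.113.10 address are placeholders, and `dig` (package dnsutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight DNS check before running `certbot --apache`.
# Function names and sample values are illustrative, not from the tutorial.

# Print every ServerName/ServerAlias value in a vhost file, one per line.
vhost_names() {
    awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) print $i
         }' "$1" | sort -u
}

# Succeed if IP $1 appears in the whitespace-separated list $2.
ip_in_list() {
    for ip in $2; do
        [ "$ip" = "$1" ] && return 0
    done
    return 1
}

# Print the IPv4 A records for name $1 (requires dig).
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# Check every name in vhost file $1 against the server's public IP $2.
preflight() {
    rc=0
    for name in $(vhost_names "$1"); do
        if ip_in_list "$2" "$(resolve_a "$name")"; then
            echo "ok    $name -> $2"
        else
            echo "FAIL  $name has no A record for $2"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh preflight.sh /etc/apache2/sites-available/domain.com.conf 203.0.113.10
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Any name reported as FAIL should be fixed in DNS, or left unselected at the Certbot domain prompt, before requesting the certificate.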

Certbot then asks a series of questions. In the first step, you need to type a valid email address. The email address is required for notifications and security notices regarding your website’s certificate:


The next step is to confirm that you agree to the Let’s Encrypt terms of service. If you want to confirm, just type A and then press [ENTER]:

If you want to share the provided email address with the EFF (Electronic Frontier Foundation) to receive news and other information, you can type Y. If you do not want to receive this type of email, you can type N and submit your answer by pressing [ENTER].

Now you need to select the domain you would like to activate HTTPS for. The domains and subdomains listed on your command prompt are automatically obtained from your Apache virtual host configuration. Type the numbers separated by commas and/or spaces, or if you’d like to enable HTTPS for all of the domains or subdomains, you can leave the prompt blank. Either way, you then press [ENTER] to proceed to the next step.

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Certbot provides HTTPS redirection as an option that you can enable. In this step, the script will prompt you to select whether you want all HTTP traffic to be redirected to HTTPS or to keep the current configuration. Select 1 if you do not want redirection or 2 to enable redirection, then press [ENTER].

Great job. Your SSL certificate is now installed and loaded in the Apache configuration. You will see output similar to the following:

Redirecting vhost in /etc/apache2/sites-enabled/domain.com.conf to ssl vhost in /etc/apache2/sites-available/domain.com-le-ssl.conf


Congratulations! You have successfully enabled https://domain.com

You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=domain.com


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/domain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/domain.com/privkey.pem Your cert will expire on 2021-09-09. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew all of your certificates, run "certbot renew"
  • Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
  • If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

To verify that your new SSL certificate is set up correctly, visit `https://domain.com/` in your web browser and check for the green lock icon in the URL bar. You can also use an external website or tools to check if your SSL certificate is installed properly.
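
A local check of the files named in the Certbot output above, added here as an example and not part of the original tutorial: it confirms the certificate is not about to expire, that privkey.pem belongs to it, and that the key is not readable by group or other. The function names and the 20-day threshold are assumptions; run it as root, since /etc/letsencrypt/live is only readable by root.

```shell
#!/bin/sh
# Added example: post-issuance checks for a Certbot certificate directory.
# Function names and thresholds are illustrative, not from the tutorial.

# Succeed if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeed if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if key file $1 (symlinks followed) has no group/other permission bits.
key_is_private() {
    [ "$(ls -lLd "$1" | cut -c5-10)" = "------" ]
}

# Run all checks on directory $1; $2 is the minimum days of validity wanted.
audit_lineage() {
    rc=0
    cert_valid_for_days "$1/fullchain.pem" "$2" \
        || { echo "FAIL certificate expires within $2 days"; rc=1; }
    cert_matches_key "$1/fullchain.pem" "$1/privkey.pem" \
        || { echo "FAIL certificate and key do not match"; rc=1; }
    key_is_private "$1/privkey.pem" \
        || { echo "FAIL privkey.pem is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok $1"
    return $rc
}

# Usage (as root): sh audit.sh /etc/letsencrypt/live/domain.com 20
if [ $# -eq 2 ]; then
    audit_lineage "$1" "$2"
fi
```

To exercise the renewal path itself without replacing the certificate, run `sudo certbot renew --dry-run`.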

That’s it, you have successfully installed Let’s Encrypt on your Ubuntu Server and you can start using it!

## If you found this useful then please comment and follow me! Also check out [my website where I also post everything from here](https://howtoubuntu.xyz)