Steps to Setup Secure Apache with Free Let’s Encrypt SSL Certificate on Ubuntu 20.04 LTS

Let’s Encrypt is a provides to obtain and install free TLS/SSL certificates, enabling encrypted HTTPS on web server. Let’s Encrypt is a Certificate Authority (CA). It helps to encrypt the entire web to the extent that HTTPS becomes the norm.

Certbot is a free & open source software. It is easy to use tool that can automate the tasks for obtaining/generating and renewing Let’s Encrypt free SSL certificates and configuring web servers.

There are few steps to Setup Secure Apache with Free Let’s Encrypt SSL Certificate on Ubuntu:

Step 1: Update the System.

apt-get update

Step 2: Install the Apache2.

apt-get install apache2

  • Start & Enable the Apache2.

systemctl start apache2
systemctl enable apache2

Step 3: Install  the Certbot software.It is an easy-to-use client that fetches a certificate from Let’s Encrypt & used to switch an existing HTTP site to HTTPS.

add-apt-repository ppa:certbot/certbot
apt install python3-certbot-apache

Step 4: Open the Virtual host file.

vim /etc/apache2/sites-available/domain.conf

  • Provide the fully qualified Domain name.

...
ServerName domain-name;
...

  • Restart the apache2.

systemctl restart apache2

Step 5: Open the https port number in firewall.

ufw allow 443
or
ufw allow 'Apache Full'

Step 6: To Generate SSL Certificate.Run the following command:

cerbot
or
certbot --apache
or
certbot --apache -d domain-name -d www.domain-name

  •  -d: to provide the name,the certificate to be valid for.
  • Here is the command output.
  • Provide the email address & Press A for Agree to the Let’s Encrypt terms of service .
  • To share the provided email address with the EFF (Electronic Frontier Foundation) to receive news and other information, type Y otherwise type N.

  • Select “which name would you like to activate HTTPS for?”, Type Appropriate number. Otherwise Enter.
  •  Type 1 for No Redirect or Type 2 for Redirect.
  • Type 2 & Press Enter.

  • Now SSL certificate has been created successfully.

0 */12 * * * root certbot -q renew –apache

  • Test the configuration.Open the link mentioned on above image.

https://www.ssllabs.com/ssltest/analyze.html?d=domain-name.com

  • Here is the output.

  • Now Open the application using the domain-name with https.

Step 7: To Renewal the ssl certificate.

certbot renew --dry-run

  •  Add on crontab file.

vim etc/crontab

  • Add the following line:

0 */12 * * * root certbot -q renew --apache

Leave a Reply