Hands On: How To Secure Apache with Let's Encrypt on Ubuntu 20.04

The previous article covered the basic concepts of SSL certificates. This article shows how to obtain a free SSL certificate using Certbot.


Introduction

Certbot is a tool that helps you obtain and renew SSL certificates from Let's Encrypt, a free and open certificate authority. SSL certificates are used to enable HTTPS on your website, which encrypts the communication between your server and your visitors. This improves the security and privacy of your website, as well as the trust and confidence of your visitors.

To use Certbot, you need to have access to your server's command line and be able to install software on it. You also need to have a domain name that you control and point it to your server's IP address. Certbot will guide you through the process of verifying your domain ownership and installing the certificate on your server. You can also configure Certbot to automatically renew your certificate before it expires.

Prerequisites

  • An Ubuntu 20.04 server.
  • A valid domain name. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
  • Apache 2.4 installed on your Ubuntu server. Be sure that you have a virtual host file for your domain.
In order to be able to automatically obtain and configure SSL for your web server, Certbot needs to find the correct virtual host within your Apache configuration files. Your server domain name(s) will be retrieved from the ServerName and ServerAlias directives defined within your VirtualHost configuration block.

Step-by-step procedure:

Step 1: Install certbot

sudo apt install certbot python3-certbot-apache

Step 2: Update the VirtualHost configuration 

sudo nano /etc/apache2/sites-available/example.conf

The contents should be

...
ServerName example.com
ServerAlias www.example.com
...

If the site is not enabled yet, enable it with

sudo a2ensite example.conf

Step 3: Check the Apache VirtualHost configuration

sudo apache2ctl configtest

If the result is OK, reload the Apache server

sudo systemctl reload apache2
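
The prerequisites note that Certbot takes its domain list from the ServerName and ServerAlias directives. As an added example (not part of the original article or of Certbot itself), this script prints the names a VirtualHost file declares so you can review them before Step 4; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the host names a VirtualHost file declares through
# ServerName / ServerAlias, the directives Certbot reads its domains from.

# vhost_domains FILE: print each name once, lower-cased, scheme/port removed.
# Exit status is 1 when the file has no ServerName directive.
vhost_domains() {
    awk '
        function emit(name) {
            name = tolower(name)
            sub(/^[a-z]+:\/\//, "", name)      # ServerName may carry a scheme
            sub(/:[0-9]+$/, "", name)          # ... and a port
            if (name != "" && !(name in seen)) { seen[name] = 1; print name }
        }
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "servername"  { found = 1; emit($2) }
        tolower($1) == "serveralias" { for (i = 2; i <= NF; i++) emit($i) }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# wildcard_names FILE: names containing "*". Let's Encrypt validates
# wildcards only over DNS-01, so an HTTP-based run cannot cover them.
wildcard_names() {
    vhost_domains "$1" | grep -F '*' || true
}

# Constructed sample (not a real site), used when no file is given.
demo_conf() {
    printf '%s\n' '<VirtualHost *:80>' \
        '    ServerName Example.com:80' \
        '    ServerAlias www.example.com *.example.com' \
        '</VirtualHost>'
}

if [ "$#" -gt 0 ]; then conf=$1; else conf=$(mktemp); demo_conf > "$conf"; fi
echo "Names declared in $conf:"
vhost_domains "$conf" || echo "no ServerName directive found" >&2
[ -z "$(wildcard_names "$conf")" ] || echo "wildcard names need DNS-01" >&2
[ "$#" -gt 0 ] || rm -f "$conf"
```

Run it with the path of your virtual host file as the only argument, for example /etc/apache2/sites-available/example.conf.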

Step 4: Obtain an SSL certificate

sudo certbot --apache

First, it will ask for your email address. This email will be used for renewal notifications and security notices.

Next, enter ‘A’ to agree to the Let’s Encrypt terms of service.

Next, enter ‘N’ if you do not want to subscribe to their content.

Next, it will prompt you to tell Certbot which domains you’d like to activate HTTPS for.

Finally, you’ll be prompted to select whether or not you want HTTP traffic redirected to HTTPS.

Step 5: Verify Certbot auto-renewal

sudo systemctl status certbot.timer

Other utility commands:

  • To list certificates
sudo certbot certificates
  • To delete a certificate
sudo certbot delete --cert-name example.com
  • To expand a certificate
sudo certbot certonly --apache --expand --cert-name example.com -d www.example.com,mail.example.com
  • To test the renewal process, you can do a dry run with
sudo certbot renew --dry-run

Conclusion

In this article, you’ve installed the Let’s Encrypt client Certbot, configured and installed an SSL certificate for your domain, and confirmed that Certbot’s automatic renewal service is active within systemctl.

Duoc Le, Devops @ UnDigital®
