Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

[Ubuntu] Let's Encrypt for Apache

LaurabLaurab Moderator
edited March 2020 in Performance and Security

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
This tutorial will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server.

First of all, install Ubuntu 16.04 on client system:
  1. Login to the Client Area;
  2. Select at the top of the menu the "Services" > "VPS" tab;
  3. Press the "Manage" button at the service table;
  4. Press the "Install OS" button;
  5. Choose an Ubuntu 16.04, agree with warning and press "Continue";
  6. Wait for 5-10 minutes and refresh the VPS management page.

We need to add a repository, for this first of all install the software-properties-common package. For our Ubuntu version, I also had to install the python-software-properties package:

apt-get install software-properties-common python-software-properties
Then add the PPA, update your sources, and upgrade your the package:
add-apt-repository ppa:certbot/certbot
apt-get update
And finally, install Certbot from the new repository with apt-get:
apt-get install python-certbot-apache
The certbot Let's Encrypt client is now ready to use.

Set Up the SSL Certificate

Generating the SSL certificate for Apache using Certbot is quite straightforward. The client will automatically obtain and install a new SSL certificate that is valid for the domains provided as parameters.

To execute the interactive installation and obtain a certificate that covers only a single domain, run the command:
certbot --apache -d
If you have multiple virtual hosts, you should run this command once for each to generate a new certificate for each.

Verifying Certbot Auto-Renewal

By default, SSL certificates issued by Let’s Encrypt are valid for 90 days. So it is recommended to renew the certificate before the expiration date. However, the certbot package we installed takes care of this for us by running certbot renew twice a day via a systemd timer.

To test the renewal process, you can do a dry run with certbot:
certbot renew --dry-run
If you see no errors, you're all set. When necessary, certbot will renew your certificates and reload Apache to pick up the changes.
Sign In or Register to comment.

Learn how to install a web and database server, email, FTP client or other applications. Discover and share information on server security or optimization recommendations.
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2024 Time4VPS. All rights reserved.

Get In Touch