facebook youtube pinterest twitter reddit whatsapp instagram

Securing Apache Server Using (Let's Encrypt) [Ubuntu]

By DevsrealmGuy
|
Published: 25 JUN, 2020
|
Updated: 6 SEP, 2022
Securing Apache Server Using (Let's Encrypt) [Ubuntu]

In this guide, you'll learn how to use secure your Apache server for free with Let's Encrypt, this way, you can ensure your websites are encrypted and available over HTTPS.

Let's Encrypt provide free SSL/TLS certificates. You can get a valid SSL certificate for your domain at no cost. These certificates can be used in a production environment as well.

Note: Let’s Encrypt do a DNS check for the domain, that domain is pointed to the current server. After that it issues a certificate for the domain, so, it won't work for local development, although there is another approach for that, e.g Securing Apache Server Using a (Self Signed Certificate) [Ubuntu].

First, install certbot-auto, and save it under /usr/sbin directory, the cerbot-auto is a Let’s Encrypt client, it is used to automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.

Use the following command to download it:

sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto

The next step is to get an SSL certificate, use the following command to do that:

sudo certbot-auto certonly --standalone -d website.com  -d www.website.com

This would do a strong Domain Validation automatically with multiple challenges to verify the ownership of the domain. Once the Certificate Authority (CA) verified the authenticity of your domain, the SSL certificate will be issued.

You will be prompted for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, asks a few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your server.

View the issued certificate under:

/etc/letsencrypt/live/website.com

The final step is to change it in your virtual host, so, in Apache:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/website.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem

Related Post(s)

  • Setting Up Send-Only Mail Server From Scratch (With Haraka)

    In this guide, I would walk you through the steps of setting up an email server that can be used as a send-only mail server, we would not be dealing with receiving mails, we only care about sending em

    Read More

  • Send Mail with Attachment Using Mutt in GNU/Linux

    Mutt is a powerful text-based mail client for Unix/Linux operating systems. It features color support, message threading, MIME support...

    Read More

  • Using Pageant To Automatically Authenticate SSH key in Putty

    I can't count how many times I have typed my ssh key passphrase whenever my ssh connection times out, it is so annoying and repetitive. Well, thanks to the putty pageant, you can do that seamlessly.

    Read More

  • Installing WP-CLI In a GNU/Linux Server

    WP-CLI is a command-line interface for WordPress. It can also be used with ClassicPress, as they are no differences in their usage, maybe just minimal if you are updating or downloading new ClassicPr

    Read More

  • How To Send Mail To Multiple Addresses Using (mailx)

    In this guide, you'll learn a couple of ways you can send mail to multiple addresses using mailx. mailx is a utility program for sending and receiving mail. I assume you already have mailx command, i

    Read More

  • Monitoring Multiple Log Files In RealTime With MultiTail (Ubuntu)

    Oh my... I really find scanning through the logs file time consuming, and painful. Luckily for me, I founded Multitail, which is an awesome, and powerful tool for not only browsing through several f

    Read More