Menu

How to Secure Apache With Let’s Encrypt on Ubuntu 18.04 & 16.04 LTS

Written by

Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates for enhanced security freely. You can generate CA-singed SSL certificate for any domain, subdomain without any cost and use on your server. It also provides an option to auto-renew SSL certificates for long time use.

Step 1 – Prerequisites

Before starting work on this task, I assume you already have:

  • Running Ubuntu system with sudo privileges shell access.
  • A domain name registered and pointed to your server’s public IP address. For this tutorial, we use example.com and www.example.com, which is pointed to our server.
  • Running Apache2 server with VirtualHost configured for example.com and www.example.com for Port 80.

Step 2 – Install Let’s Encrypt Client

You can download the certbot-auto Let’s Encrypt client and save it in /usr/sbin directory. Use the following command to do it.

sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto

Step 3 – Issue SSL from Let’s Encrypt

Let’s Encrypt performs Domain Validation (DV) automatically with multiple challenges. Once the Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued.

You don’t need to create VirtualHost for SSL/HTTPS, Let’s encrypt will create it. You only need to create VirtualHost for port 80 only.

sudo certbot-auto --apache -d example.com  -d www.example.com

Above command will prompt for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, asks a few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your system.

Step 4 – Configure SSL Auto Renew

At the end, configure the following job on your server crontab to auto-renew SSL certificate if required.

0 2 * * * sudo certbot-auto -q renew

You may like:

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

3 Comments

  1. Avatar Ankit Reply to Ankit
    October 1, 2019 at 9:27 am

    awesome tutortial
    Thanks

  2. Avatar Gustavo Salgado Reply to Gustavo
    April 17, 2019 at 10:16 pm

    It works perfect I tried it 18.04 (bionic)

    thank you

  3. Avatar saravanakumar Reply to saravanakumar
    March 5, 2018 at 12:54 pm

    while installing let’s encrypt got this error “Cannot find a cert or key directive in /files/etc/httpd/conf/httpd-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified”

Leave a Reply

Copyright © 2013-2020 TecAdmin.net. All Rights Reserved. This site uses cookies. By using this website you agree with our term and services