How to configure Let's Encrypt with Apache on Ubuntu Bionic

Let's Encrypt Overview

Let’s Encrypt is a certificate authority providing free SSL certificates. The creation, validation, installation is automated with certbot — all major browsers trust certificates issued by Let’s Encrypt.

In this tutorial you will learn how to secure the Apache web server on Ubuntu Bionic Beaver with a Let’s Encrypt certificate using certbot.

Requirements:

Installing Apache

1 . Start by updating the software already installed on the instance:

apt update
apt upgrade -y

2 . Install the Apache Web Server:

apt install apache2

3 . Create a directory for the website. In this tutorial myweb.example.com is being used. Replace it with your domain name whenever you see it:

mkdir -p /var/www/html/myweb.example.com/public_html

4 . Create an index page for the website by running the following command:

nano /var/www/html/myweb.example.com/public_html/index.html

Then copy the following content into the file, save it and exit nano:

<html>
 <head>
 <title>myweb.example.com</title>
 </head>
 <body>
 <h1>New Website</h1>
 <p>This is the new website of myweb.exaple.com</p>
 </body>
</html>

5 . Create a configuration file for the website, by making a copy of the default configuration:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myweb.example.com.conf

6 . Open the file in a text editor:

/etc/apache2/sites-available/myweb.example.com.conf

Edit the following lines to match your configuration, add them to the file, save it and exit the editor:

ServerAdmin webmaster@myweb.example.com
ServerName myweb.example.com
ServerAlias www.myweb.example.com
DocumentRoot /var/www/html/myweb.example.com/public_html

Once edited the file should look like this example:

Apache Configuration file

7 . Activate the new site:

a2ensite myweb.example.com

8 . Reload the Apache configuration to enable the new site:

systemctl reload apache2

Installing Certbot

1 . Install the pre-required packages and repositories:

apt install software-properties-common -y && add-apt-repository universe -y && add-apt-repository ppa:certbot/certbot -y

2 . Update the apt packet cache:

apt update

3 . Install Certbot via apt:

apt install certbot python-certbot-apache -y

Running Certbot

1 . Run Certbot to request a certificate for the domain name:

certbot --apache

Certbot will ask you a series of questions:

  • In a first step Certbot asks for your email address. Enter it and press Enter on your keyboard.
  • You will then be asked to agree to the terms of service, confirm it by pressing on A.
  • Decide if you want to share your email address with the Electronic Frontier Foundation (EFF). Press Y for yes or N for no.
  • Following you will be asked for which domains you want to activate SSL. Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown.
  • Certbot asks if all traffic should be forced to HTTPS. Type 1 for no or 2 for yes.
  • The certificate is being requested and the following message appears once it has been obtained:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://myweb.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=myweb.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2 . Verify the certificate by opening your site in a web browser:

SSL Enabled

You notice the small padlock icon indicating that the connection to your instance is encrypted now.

Discover a New Cloud Experience

Deploy SSD Cloud Servers in seconds.