Jump toUpdate content
How to configure Let's Encrypt with Apache on Ubuntu Bionic
- compute
- Let's-Encrypt
- Apache
- Ubuntu-Bionic
- SSL-certificates
Let’s Encrypt Overview
Let’s Encrypt is a certificate authority providing free SSL certificates. The creation, validation, installation is automated with certbot — all major browsers trust certificates issued by Let’s Encrypt.
In this tutorial you will learn how to secure the Apache web server on Ubuntu Bionic Beaver with a Let’s Encrypt certificate using certbot.
- You have an account and are logged into the Scaleway console
- You have created an Instance
- You have configured your SSH key
- You have sudo privileges or access to the root user.
Installing Apache
Start by updating the software already installed on the instance:
apt update
apt upgrade -yInstall the Apache Web Server:
apt install apache2
Create a directory for the website. In this tutorial
myweb.example.com
is being used. Replace it with your domain name whenever you see it:mkdir -p /var/www/html/myweb.example.com/public_html
Create an index page for the website by running the following command:
nano /var/www/html/myweb.example.com/public_html/index.html
Then copy the following content into the file, save it and exit nano:
<html>
<head>
<title>myweb.example.com</title>
</head>
<body>
<h1>New Website</h1>
<p>This is the new website of myweb.exaple.com</p>
</body>
</html>Create a configuration file for the website, by making a copy of the default configuration:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myweb.example.com.conf
Open the file in a text editor:
/etc/apache2/sites-available/myweb.example.com.conf
Edit the following lines to match your configuration, add them to the file, save it and exit the editor:
ServerAdmin webmaster@myweb.example.com
ServerName myweb.example.com
ServerAlias www.myweb.example.com
DocumentRoot /var/www/html/myweb.example.com/public_htmlOnce edited the file should look like this example:
Activate the new site:
a2ensite myweb.example.com
Reload the Apache configuration to enable the new site:
systemctl reload apache2
Installing Certbot
Install Certbot via apt:
apt install certbot python3-certbot-apache -y
Running Certbot
Run Certbot to request a certificate for the domain name:
certbot --apache
Certbot will ask you a series of questions:
In a first step Certbot asks for your email address. Enter it and press
Enter
on your keyboard.You will then be asked to agree to the terms of service, confirm it by pressing on
A
.Decide if you want to share your email address with the Electronic Frontier Foundation (EFF). Press
Y
for yes orN
for no.Following you will be asked for which domains you want to activate SSL. Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown.
Certbot asks if all traffic should be forced to HTTPS. Type
1
for no or2
for yes.The certificate is being requested and the following message appears once it has been obtained:
Congratulations! You have successfully enabled https://myweb.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=myweb.example.com
Verify the certificate by opening your site in a web browser:
You notice the small padlock icon indicating that the connection to your instance is encrypted now.