configure apache lets encrypt

Configuring Let's Encrypt with Apache on Ubuntu Bionic

Published on 23 May 2019

compute
Let's-Encrypt
Apache
Ubuntu-Bionic
SSL-certificates

Let’s Encrypt Overview

Let’s Encrypt is a certificate authority providing free SSL certificates. The creation, validation, installation is automated with certbot — all major browsers trust certificates issued by Let’s Encrypt.

In this tutorial you will learn how to create a website for Apache to serve, then secure the Apache web server on Ubuntu Bionic Beaver with a Let’s Encrypt certificate using certbot.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

you are the Owner of the Scaleway Organization in which the actions will be carried out, or
you are an IAM user of the Organization, with a policy granting you the necessary permission sets

Requirements:

You have an account and are logged into the Scaleway console
You have created an Instance
You have a domain name pointing towards your Instance’s IP address (via an A or AAAA record)
You have configured your SSH key
You have sudo privileges or access to the root user.

Installing Apache

Connect to your Instance via SSH, and update the software already installed:
```
apt update
apt upgrade -y
```
Install the Apache web server:
```
apt install apache2
```
Create a directory for the website. In this tutorial we use myweb.example.com. Replace it with your domain name whenever you see it:
```
mkdir -p /var/www/html/myweb.example.com/public_html
```

Create an index page for the website by running the following command:

nano /var/www/html/myweb.example.com/public_html/index.html

Then copy the following content into the file, save it and exit nano:

<html>
  <head>
    <title>myweb.example.com</title>
  </head>
  <body>
    <h1>New Website</h1>
    <p>This is the new website of myweb.exaple.com</p>
  </body>
</html>

Create a configuration file for the website, by making a copy of the default configuration:

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myweb.example.com.conf

Open the file in a text editor:
```
nano /etc/apache2/sites-available/myweb.example.com.conf
```
E dit the following lines to match your configuration, add them to the file, save it and exit the editor:
```
ServerAdmin webmaster@myweb.example.com
ServerName myweb.example.com
ServerAlias www.myweb.example.com
DocumentRoot /var/www/html/myweb.example.com/public_html
```
Once edited the file should look like this example:
Activate the new site:
```
a2ensite myweb.example.com
```
Reload the Apache configuration to enable the new site:
```
systemctl reload apache2.service
```

Installing Certbot

Install Certbot via apt:

apt install certbot python3-certbot-apache -y

Running Certbot

Run Certbot to request a certificate for the domain name:
```
certbot --apache
```
Certbot will ask you a series of questions:
- Firstly, Certbot asks for your email address. Enter it and press Enter on your keyboard.
- You will then be asked to agree to the terms of service. Do so by pressing Y.
- Decide if you want to share your email address with the Electronic Frontier Foundation (EFF). Press Y for yes or N for no.
- Next, you will be asked for which domains you want to activate SSL. Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown.
- Certbot asks if all traffic should be forced to HTTPS. Type 1 for no or 2 for yes.
- The certificate is requested and the following message appears once it has been obtained:
```
Congratulations! You have successfully enabled https://myweb.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=myweb.example.com
```
Verify the certificate by opening your site in a web browser:

The small padlock icon indicates that the connection to your Instance is now encrypted.