Configuring Let's Encrypt with Apache on Ubuntu Bionic
- compute
- Let's-Encrypt
- Apache
- Ubuntu-Bionic
- SSL-certificates
Let’s Encrypt Overview
Let’s Encrypt is a certificate authority providing free SSL certificates. The creation, validation, installation is automated with certbot — all major browsers trust certificates issued by Let’s Encrypt.
In this tutorial you will learn how to create a website for Apache to serve, then secure the Apache web server on Ubuntu Bionic Beaver with a Let’s Encrypt certificate using certbot.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- you are the Owner of the Scaleway Organization in which the actions will be carried out, or
- you are an IAM user of the Organization, with a policy granting you the necessary permission sets
- You have an account and are logged into the Scaleway console
- You have created an Instance
- You have a domain name pointing towards your Instance’s IP address (via an A or AAAA record)
- You have configured your SSH key
- You have sudo privileges or access to the root user.
Installing Apache
-
Connect to your Instance via SSH, and update the software already installed:
apt updateapt upgrade -y -
Install the Apache web server:
apt install apache2 -
Create a directory for the website. In this tutorial we use
myweb.example.com
. Replace it with your domain name whenever you see it:mkdir -p /var/www/html/myweb.example.com/public_html -
Create an index page for the website by running the following command:
nano /var/www/html/myweb.example.com/public_html/index.htmlThen copy the following content into the file, save it and exit nano:
<html><head><title>myweb.example.com</title></head><body><h1>New Website</h1><p>This is the new website of myweb.exaple.com</p></body></html> -
Create a configuration file for the website, by making a copy of the default configuration:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myweb.example.com.conf -
Open the file in a text editor:
nano /etc/apache2/sites-available/myweb.example.com.confE dit the following lines to match your configuration, add them to the file, save it and exit the editor:
ServerAdmin webmaster@myweb.example.comServerName myweb.example.comServerAlias www.myweb.example.comDocumentRoot /var/www/html/myweb.example.com/public_htmlOnce edited the file should look like this example:
-
Activate the new site:
a2ensite myweb.example.com -
Reload the Apache configuration to enable the new site:
systemctl reload apache2.service
Installing Certbot
Install Certbot via apt:
apt install certbot python3-certbot-apache -y
Running Certbot
-
Run Certbot to request a certificate for the domain name:
certbot --apacheCertbot will ask you a series of questions:
- Firstly, Certbot asks for your email address. Enter it and press
Enter
on your keyboard. - You will then be asked to agree to the terms of service. Do so by pressing
Y
. - Decide if you want to share your email address with the Electronic Frontier Foundation (EFF). Press
Y
for yes orN
for no. - Next, you will be asked for which domains you want to activate SSL. Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown.
- Certbot asks if all traffic should be forced to HTTPS. Type
1
for no or2
for yes. - The certificate is requested and the following message appears once it has been obtained:
Congratulations! You have successfully enabled https://myweb.example.comYou should test your configuration at:https://www.ssllabs.com/ssltest/analyze.html?d=myweb.example.com
- Firstly, Certbot asks for your email address. Enter it and press
-
Verify the certificate by opening your site in a web browser:
The small padlock icon indicates that the connection to your Instance is now encrypted.