Step 1: Install Apache2 Web Server

Apache is included in Ubuntu’s default software repositories. Start by updating your local package. Since we require a web server to install the Let’s Encrypt SSL certificate, I will be installing Apache2.

ubuntu@ubunu2004:~$ sudo apt update

 

Install the apache2 package using below command.

ubuntu@ubunu2004:~$ sudo apt install apache2

 

Below are the commands to enable or start the webserver.

ubuntu@ubunu2004:~$ sudo systemctl start apache2.service

 

ubuntu@ubunu2004:~$ sudo systemctl enable apache2.service

 

Now Check the status to see if apache service is running properly.

ubuntu@ubunu2004:~$ sudo systemctl status apache2.service

 

Step 2: Installing Certbot

We will first install Certbot. This is a command-line utility that allows us to obtain the certificate. It allows you to renew and obtain the SSL certificate whenever needed. It can be found in the official Ubuntu APT package repository.

Certbot is part EFF’s efforts to encrypt all of the Internet. Certbot and Let’s Encrypt are able to automate the process and allow you to turn on HTTPS and manage it with simple commands. Certbot and Let’s Encrypt are free to use, so you don’t need to make arrangements for payment. Certbot can be used as a client for Let’s Encrypt CA. It is fully featured and extensible. This client is compatible with UNIX-based operating system.

Start the installation process of Certbot and python3-certbot-apache, using the command given below.

ubuntu@ubunu2004:~$ sudo apt install certbot python3-certbot-apache

 

Step 3: Checking your Apache Virtual Host Configuration

Certbot will need to locate the correct virtualhost in your Apache configuration files.

Virtualhosts are a type hosting provider that specializes in virtual infrastructure solutions. This includes virtual servers, storage, and hybrid platforms that allow data, applications, and/or services to be hosted. It encompasses all technologies and service models that enable individuals and businesses to access computing infrastructure solutions and services via the Internet.

Create a virtualhost for your domain. Use gedit to edit the file demo.com.conf

ubuntu@ubunu2004:~$ sudo gedit /etc/apache2/sites-available/demo.com.conf

 

Copy the following configuration into the file. Replace demo.com by your domain name.

<VirtualHost *:80>

 

DocumentRoot /var/www/html/demo.com

 

ServerName demo.com

 

ServerAlias www.demo.com

 

<Directory /var/www/html/demo/>

 

Options FollowSymlinks

 

AllowOverride All

 

Require all granted

 

</Directory>

 

ErrorLog ${APACHE_LOG_DIR}/error.log

 

CustomLog ${APACHE_LOG_DIR}/access.log combined

 

</VirtualHost>

 

Save the file after you are done editing it and close it.

 

Use the below command to disable default virtualhost.

ubuntu@ubunu2004:~$ sudo a2dissite 000-default

 

Use the below command to enable the new virtualhost.

ubuntu@ubunu2004:~$ sudo a2ensite demo.com.conf

 

Use the below command to enable the rewrite.

ubuntu@ubunu2004:~$ sudo a2enmod rewrite

 

Restart apache web server to allow all changes to take place.

ubuntu@ubunu2004:~$ sudo systemctl restart apache2.service

 

Finally, run the below command to validate all the changes.

Step 4: Allowing HTTPS Through the Firewall

If you have firewall enabled, you need to run below command to allow the “Apache Full” profile and delete the redundant “Apache” profile

ubuntu@ubunu2004:~$ sudo ufw allow ‘Apache Full’

 

ubuntu@ubunu2004:~$ sudo ufw delete allow ‘Apache’

 

ubuntu@ubunu2004:~$ sudo ufw status

 

Finally, now we can run certbot to obtain certificate.

Step 5: Obtaining an SSL Certificate

The following command will get you an SSL certificate with Certbot. After running the certbot command you will first be asked for your email id.

ubuntu@ubunu2004:~$ sudo certbot –apache

 

Next, you need to agree to the terms of service by typing A and enter.

It will then ask you to share your email address with EFF (Electronic Frontier Foundation). Type Y if it is necessary or N if not.

Then, select the domain name which you would like to activate for HTTPS.

Finally, you will get the output like this where a certificate is getting generated.

 

Obtaining a new certificate

 

Performing the following challenges:

http-01 challenge for demo.com

http-01 challenge for www.demo.com

Enabled Apache rewrite module

Waiting for verification…

Cleaning up challenges

Created an SSL vhost at /etc/apache2/sites-available/demo.com.conf

Enabled Apache socache_shmcb module

Enabled Apache ssl module

Deploying Certificate to VirtualHost /etc/apache2/sites-available/demo.com.conf

Enabling available site: /etc/apache2/sites-available/demo.com.conf

Deploying Certificate to VirtualHost /etc/apache2/sites-available/demo.com.conf

Next, you will be asked to choose whether you want HTTP traffic to redirect to HTTPS. Enter 1 to disable redirection and 2 for redirection. This was the final step. If you did everything correctly, you will receive a message of congratulations.

 

Congratulations! You have successfully enabled https://demo.com and https://www.demo.com

 

Now your certificate has been installed and loaded into Apache. Reload your site using https:// to see your browser’s security indicator. Your site should be properly secured.

Step 6: Verifying Certbot Auto-Renewal

Let’s Encrypt certificates are valid for only ninety days. Installing Certbot will create a cronjob to renew any SSL certificate. You can run the command to check the status of the service.

ubuntu@ubunu2004:~$ sudo systemctl status certbot.timer

 

This command can be used to test the automatic renewal of your certificates.

ubuntu@ubunu2004:~$ sudo certbot renew –dry-run

 

If you see no errors, you’re all set. Certbot can renew your certificates and reload Apache if necessary to take over the changes.