
How To Use Let’s Encrypt To Secure Apache2 On Ubuntu

by admin

Here’s an assignment for students.

How do you secure an Apache2 web server with TLS/SSL certificates? This can be accomplished in many ways and there are many certificate categories to choose from.

However, all TLS/SSL certificates have the same goal – to protect sensitive information communicated across the network.

This brief tutorial is going to show you the easiest way to accomplish this without costing you anything.

Using certificates from Let’s Encrypt, we’ll be able to protect Apache2 web server with trusted certificates for free.

Step 1:  Install Server dependencies

Before you can get Let’s Encrypt to work, you must install Ubuntu server dependencies.

To do that, run the commands below to update your server.

sudo apt-get update

Download and install git so that we can download Let’s Encrypt packages

sudo apt-get install git

Step 2: Download Let’s Encrypt Client

The next step is to download the Let’s Encrypt client from its repository. We’ll download the client into the /opt directory, which is the appropriate place to put it.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Change into Let’s Encrypt’s directory and begin to set it up.

cd /opt/letsencrypt

Step 3: Set up a new SSL Certificate for your sites

Step 3 is where you set up a new SSL certificate for your sites. To create a new certificate, use the example command shown below. This will secure example.com only.

./letsencrypt-auto --apache -d example.com

However, since most websites online today have both example.com and www.example.com set up, the correct process would be to create a certificate that covers both domains.

To do that, run the command below.

./letsencrypt-auto --apache -d example.com -d www.example.com

If you run into trouble where Let’s Encrypt is unable to verify your www.example.com domain, open your Apache2 config file and add an alias for www.example.com.

sudo nano /etc/apache2/sites-enabled/000-default.conf

Add the ServerAlias line shown below. Also, make sure a CNAME record is defined in your host’s DNS entries.

ServerName   example.com
ServerAlias  www.example.com

Save your changes and try again. Hopefully, this time it was successful.
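
A quick pre-flight check for the situation above, as an added example that is not part of the original tutorial: it lists which of the names you plan to pass with -d are not declared by ServerName or ServerAlias in a vhost file. The function names and the sample vhost are constructed for illustration; matching is exact, so wildcard aliases are not expanded.

```shell
#!/bin/sh
# Added example (not from the tutorial or the Let's Encrypt project).
# write_sample_vhost and missing_vhost_names are hypothetical helper names.
write_sample_vhost() {
    cat > "$1" <<'EOF'
<VirtualHost *:80>
    ServerName   example.com
    # ServerAlias www.example.com
    DocumentRoot /var/www/html
</VirtualHost>
EOF
}

# Usage: missing_vhost_names <vhost.conf> <domain>...
# Prints each requested domain that the file does not declare.
missing_vhost_names() {
    conf=$1; shift
    declared=$(awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {          # ServerAlias may list several names
                h = tolower($i)
                sub(/^[a-z]+:\/\//, "", h)       # ServerName may carry a scheme
                sub(/:[0-9]+$/, "", h)           # and a port
                print h
            }
        }' "$conf")
    for d in "$@"; do
        want=$(printf '%s' "$d" | tr 'A-Z' 'a-z')
        printf '%s\n' "$declared" | grep -Fqx -- "$want" || printf '%s\n' "$d"
    done
}

# Demo on the constructed sample: the alias is commented out, so the www
# name is reported as uncovered.
sample=$(mktemp)
write_sample_vhost "$sample"
missing_vhost_names "$sample" example.com www.example.com   # prints www.example.com
rm -f "$sample"
```

On a real server, point the function at /etc/apache2/sites-enabled/000-default.conf and pass the same names you intend to give to -d; empty output means every name is declared.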

When prompted to select the type of installation, choose the secure installation. Selecting this will make sure www and non-www of your site are redirected to one domain.

If everything was successful, your site will then have a valid SSL certificate. This certificate will need to be renewed every 3 months. Don’t worry, the process is as simple as installing it.

To trigger the renewal process, change into the Let’s Encrypt directory and run the commands below.

cd /opt/letsencrypt
./letsencrypt-auto renew

Of course, you’ll want a better way to renew your certificate so you don’t have to do it manually every 3 months. To have it renewed automatically, create a cron job.

sudo crontab -e

Select an editor. To change later, run ‘select-editor’.
1. /bin/ed
2. /bin/nano
3. /usr/bin/vim.tiny

Choose 1-3 [2]:

Choose option 2 and add the line below.

00 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Save your changes and you’re set.

Every Sunday at midnight, the job will try to renew your certificate.

That’s it! Enjoy!
