Skip to content

Website & Server Help

Unlimited Webspace Help

Menu
  • Home
  • Apps
  • Website
    • Sending email from a WordPress website hosted on an IONOS server
    • How to increase Upload Max Filesize
    • How to reset a WordPress password
    • 22 Ways To Speed-Up A Plesk Website
  • Server
    • Linux or Plesk Server Error 500
    • Windows Server: File cannot be loaded. The file is not digitally signed.
    • Adding or modifying IP addresses on a Linux server
    • Installing Remote Desktop on Debian 12
    • Installing Remote Desktop on Ubuntu 22.04
    • How To Install a Let’s Encrypt SSL in Apache on Debian/Ubuntu
  • Favs
    • How to Connect to a Server
    • The Ultimate Guide to Setting Up a Proper Plesk Email Server With IONOS
    • The Ultimate IONOS Migration Guide
    • Help! My Plesk Websites Are Down!
    • Running tests for a slow server or dropped packets
    • Checking File System and Hard Drive Health
Menu

How To Install a Let’s Encrypt SSL in Apache on Debian/Ubuntu

Posted on March 22, 2023March 22, 2023 by admin

Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides TLS/SSL certificates for web servers. It simplifies the process of obtaining and installing certificates by providing a software client called Certbot that automates most of the steps.

In this guide, you will learn how to use Certbot to secure your Apache web server with Let’s Encrypt on Debian or Ubuntu.

If you already have your own SSL files (private key, public key, intermediate key) then you can follow this guide instead.

Prerequisites

Before you begin, you will need:

  • A Debian or Ubuntu server with sudo access.
  • A fully registered domain name that points to your server’s IP address. For example, your_domain.com and www.your_domain.com. You can use any domain registrar of your choice.
  • Apache installed and running on your server.
  • A virtual host file for your domain in /etc/apache2/sites-available/. For example, /etc/apache2/sites-available/your_domain.conf.

Step 1: Installing Certbot

The first step is to install Certbot on your server. Certbot is available as a snap package for Debian, which is an easy way to install software that is always up-to-date.

To install Certbot as a snap package, you need to have snapd installed on your server. snapd is a daemon that allows you to manage snaps.  Snap packages are a modern approach that work on nearly all Linux distributions and provide up-to-date versions of software.

To install snapd, run the following command as sudo:

sudo apt update
sudo apt install snapd
sudo snap install core

Once snapd is installed, you can install Certbot with this command:

sudo snap install --classic certbot

This will download and install Certbot as a snap package.

To make sure Certbot is installed correctly, run this command:

sudo certbot --version

You should see something like this:

certbot 1.29.0

This means Certbot is installed successfully.

Step 2: Setting Up SSL Configuration in Apache

Before obtaining an SSL certificate from Let’s Encrypt, you need to make sure that your Apache virtual host file has a ServerName directive that matches your domain name.

To check your virtual host file, open it with your preferred text editor. For example:

sudo nano /etc/apache2/sites-available/your_domain.conf

Look for the line that starts with ServerName and make sure it has your domain name after it. For example:

ServerName your_domain.com

If you have multiple domains or subdomains that point to the same server, you can also add them as ServerAlias directives below the ServerName. For example:

ServerAlias www.your_domain.com blog.your_domain.com

This will allow you to obtain one certificate for multiple domains or subdomains.

Save and close the file when you are done editing it.

Next, enable the SSL module for Apache with this command:

sudo a2enmod ssl

This will enable HTTPS connections on your web server.

Restart Apache for the changes to take effect:

sudo systemctl restart apache2.service

Step 3: Obtaining an SSL Certificate

To obtain an SSL certificate from Let’s Encrypt using Certbot, you need to use the --apache plugin that will automatically configure Apache for HTTPS.

To do so, run this command as sudo:

sudo certbot --apache

This will start an interactive process that will ask you a few questions.

First, you will be asked to enter your email address. This is used for sending renewal reminders and security notices. Enter a valid email address and press ENTER.

Next, you will be asked to agree to the terms of service. Press A and then ENTER to agree.

Then, you will be asked if you want to share your email address with the Electronic Frontier Foundation (EFF), a nonprofit organization that advocates for digital rights. You can choose Yes or No depending on your preference.

After that, Certbot will scan your Apache configuration files and display a list of domains that it can obtain certificates for. You can choose to obtain a certificate for one or more domains by entering their corresponding numbers separated by commas. For example:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - -
1: your_domain.com
2: www.your_domain.com
3: blog.your_domain.com
- - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave inputblank to select all options shown (Enter 'c' to cancel): 1,2

This will obtain a certificate for your_domain.com and www.your_domain.com.

Alternatively, you can leave the input blank and press ENTER to select all options shown.

Finally, Certbot will ask you how you want to configure your HTTPS settings. You have two options:

  • Easy: This option will redirect all HTTP traffic to HTTPS automatically. This is recommended for most websites as it provides better security and performance.
  • Secure: This option will make all requests for HTTP fail with an error message. This is more secure but may cause compatibility issues with some clients.

Choose your preferred option by typing 1 or 2 and pressing ENTER.

Certbot will then obtain an SSL certificate for your domain(s) and configure Apache to use it. It will also create a cron job that will automatically renew your certificate before it expires.

You should see a message like this when the process is complete:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain.com/privkey.pem
Your cert will expire on 2022-01-01. To obtain a new or tweakedversion of this certificate in the future, simply run certbot againwith the "certonly" option. To non-interactively renew *all* ofyour certificates, run "certbot renew"
- Your account credentials have been saved in your Certbotconfiguration directory at /etc/letsencrypt. You should make asecure backup of this folder now. This configuration directory willalso contain certificates and private keys obtained by Certbot somaking regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

This means that your SSL certificate is successfully installed and configured!

Special Offer

The internet's fastest, cheapest, unlimited bandwidth VPS

VPS
1core | 1GB RAM | 10GB NVMe
Unlimited Bandwidth | 1Gbps
$2/month - risk free