How to Install and Configure Let's Encrypt SSL Certificate for Apache
Posted in: Apache, Linux, Security, SSL, Ubuntu, VPS

How to Install and Configure Let’s Encrypt SSL Certificate for Apache

In this guide, we will install the Let’s Encrypt SSL certificate for a domain. Here, we assume your website is running on an Apache server in Ubuntu. Here, we will make use of “snap” which is a bundle of an app with its dependencies that can work across many different Linux distribution without modification. Also, we will install “certbot” using snap.

This guide will also work for all popular Linux distributions like Debian with few adjustments in the commands. Here, we assume that you have access to the SSH of your server.

Installing and Updating the Snapd

First of all install snapd using the following command:

> sudo snap install core

After, ensure that the version of snapd is up to date:

> sudo snap refresh core

Installing Certbot using Snapd

Next, we will install “certbot” using snap. Before that, we would need to remove the existing “certbot” only if it already exists in the system:

> sudo apt-get remove certbot

The above command will not work if certbot doesn’t exist in your Linux distribution.

Now, we can install the “certbot” using snap with the following command:

> sudo snap install --classic certbot

After installing certbot, we will need to prepare the “certbot” command:

> sudo ln -s /snap/bin/certbot /usr/bin/certbot

The above command will enable the “certbot” command in the terminal that we are going to use in the next step.

Let’s Encrypt SSL Certificate Installation using Certbot for Apache

Now, we can run this command in order to get a certificate and let the certbot edit Apache configuration on its own automatically. Also, this will take care of turning on the HTTPS:

> sudo certbot --apache

After running this command, you will need to provide your email address where you will receive any notification related to SSL from Let’s Encrypt. Here, we are using “example@gmail.com” as an email address.

example@gmail.com

Then, agree to the terms with “Y” and enter. After, you can do “N” in case you don’t want to share your email address for feedback purposes.

Next, you will need to select your domain. Let’s assume our domain is “example.com”. Then, we will have to select both “example.com” and “www.example.com”.

All the domains that are configured on your existing Apache configuration will show up. Here, you will only have to select the domain where you want to install the Let’s Encrypt SSL certificate. In this case, it is “example.com” and “www.example.com”.

1,2

Here, we assume “1” and “2” belong to “example.com” and “www.example.com” respectively. So, we write “1,2” and hit enter.

Finally, you will see a successful message for installing the Let’s Encrypt SSL certificate on your domain.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com and
https://www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

You can also follow the certbot installation instructions from it’s official website.

Additionally, you can force SSL on your website with redirect all requests from http to https.

Testing the Auto-Renewal of SSL Certificate

The snap certbot packages that we have just installed on the server also come with the systemd timer. This will automatically renew your certificates before they expire.

This means you will not need to run certbot again unless you change the configuration. Now, to test the automatic renewal of your SSL certificates, run the following command:

> sudo certbot renew --dry-run

Also, we have a guide on how to install Cloudflare SSL for Apache that is also a free alternative to the Let’s Encrypt SSL.

If you face any trouble installing the Let’s Encrypt SSL certificate for your domain, then you may reach out to us using our contact form. We will get back to you as soon as possible.