How to Obtain and Install a Free SSL Certificate with Let's Encrypt on Apache Server


Securing your website with an SSL certificate is essential. If you're using Apache on Ubuntu Server 16.04, we've got good news! You can get a free SSL certificate from Let's Encrypt. This in-depth guide will walk you through each step.

Why Not StartSSL?

Though services like StartSSL offer free certificates, many browsers have recently flagged their certificates. It's better to opt for a more universally accepted solution like Let's Encrypt.

Requirements:

  • Operating System: Ubuntu Server 16.04.
  • Web Server: Apache. In this guide, we have the domain "test.mytechnote.ru" configured.

Your Step-by-Step Guide:

1. Setting Up HTTPS on Apache:

First, we need to make sure Apache supports HTTPS.

a2enmod ssl
a2ensite default-ssl
service apache2 restart

2. Getting Let's Encrypt Ready:

Here's how you set up Let's Encrypt on your server using Git.

cd /usr/local
apt install git
git clone https://github.com/letsencrypt/letsencrypt

3. Requesting Your SSL Certificate:

Navigate to the Let's Encrypt directory and initiate your SSL certificate request:

cd letsencrypt/
./letsencrypt-auto certonly --apache -d test.mytechnote.ru

For those running multiple subdomains, you can request a certificate for each by adding more -d parameters. Ensure that each domain or subdomain is correctly pointed to your server.

4. Integrating SSL with Apache:

Edit your virtual host settings. The path might vary, but for this guide, here's where the settings are:

nano /etc/apache2/sites-available/000-default.conf

Copy the block for your site that listens on port 80, change the port to 443, and add the following lines:

        SSLEngine On
        # Certificate, private key and intermediate chain obtained in step 3
        SSLCertificateFile /etc/letsencrypt/live/test.mytechnote.ru/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/test.mytechnote.ru/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/test.mytechnote.ru/chain.pem
        <Location />
                # Refuse any request that did not arrive over HTTPS (this directive takes no argument)
                SSLRequireSSL
                # Ask for, but do not require, a client certificate
                SSLVerifyClient optional
                SSLVerifyDepth 1
                SSLOptions +StdEnvVars +StrictRequire
        </Location>

For an added layer of security, you can also redirect HTTP traffic to HTTPS using the rewrite module. Add this to the section for the site on port 80:

<Location />
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>

Enable mod_rewrite:

a2enmod rewrite

Example of a complete configuration file:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/test.mytechnote.ru
        ServerName test.mytechnote.ru
        DirectoryIndex index.html
        ServerAlias www.test.mytechnote.ru
        ErrorLog ${APACHE_LOG_DIR}/test.mytechnote.ru.error.log
        CustomLog ${APACHE_LOG_DIR}/test.mytechnote.ru.access.log combined
        <Location />
                RewriteEngine on
                RewriteCond %{HTTPS} off
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
        </Location>
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin [email protected]
        DocumentRoot /var/www/test.mytechnote.ru
        ServerName test.mytechnote.ru
        DirectoryIndex index.html
        ServerAlias www.test.mytechnote.ru
        ErrorLog ${APACHE_LOG_DIR}/test.mytechnote.ru-error.log
        CustomLog ${APACHE_LOG_DIR}/test.mytechnote.ru-access.log combined
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/test.mytechnote.ru/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/test.mytechnote.ru/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/test.mytechnote.ru/chain.pem
        <Location />
                SSLRequireSSL
                SSLVerifyClient optional
                SSLVerifyDepth 1
                SSLOptions +StdEnvVars +StrictRequire
        </Location>
</VirtualHost>
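
A quick review of a vhost file laid out like the one above, as an added example that is not part of the original guide. The function names and the sample file are constructed for illustration; only named port 80 vhosts are checked for the redirect.

```bash
# Added example (not part of the original guide): review a vhost file laid out
# like the one above. Prints one finding per line; exit status 1 if any.
audit_vhosts() {
    awk '
    function report(msg) { print name ": " msg; bad++ }
    function finish() {
        if (port == "443") {
            if (!engine) report("port 443 vhost without SSLEngine On")
            if (!cert)   report("no SSLCertificateFile")
            if (!key)    report("no SSLCertificateKeyFile")
        } else if (port == "80" && named && !redir)
            report("port 80 vhost has no redirect to https")
    }
    /^[ \t]*#/ { next }                       # ignore comment lines
    { d = tolower($1) }                       # directive names are case-insensitive
    d == "<virtualhost" {                     # e.g. <VirtualHost *:443>
        port = $NF; sub(/.*:/, "", port); sub(/>/, "", port)
        name = "vhost *:" port; named = engine = cert = key = redir = 0; next
    }
    d == "</virtualhost>"        { finish(); port = ""; next }
    d == "servername"            { name = $2; named = 1 }
    d == "sslengine"             { engine = (tolower($2) == "on") }
    d == "sslcertificatefile"    { cert = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d == "rewriterule" && $3 ~ /^https:/ { redir = 1 }
    d == "redirect" && $NF ~ /^https:/   { redir = 1 }
    d == "sslrequiressl" && NF > 1 { report("SSLRequireSSL takes no argument, got " $2) }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample: port 80 lacks the redirect, SSLRequireSSL has an argument.
sample_conf() { cat <<'EOF'
<VirtualHost *:80>
        ServerName test.mytechnote.ru
</VirtualHost>
<VirtualHost *:443>
        ServerName test.mytechnote.ru
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/test.mytechnote.ru/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/test.mytechnote.ru/privkey.pem
        <Location />
                SSLRequireSSL On
        </Location>
</VirtualHost>
EOF
}
sample_conf | audit_vhosts - || echo "fix the findings above before restarting Apache"
```

To check the real file, call audit_vhosts /etc/apache2/sites-available/000-default.conf; it complements, and does not replace, Apache's own syntax check.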

Restart the web server:

/etc/init.d/apache2 restart

5. SSL Renewal Automation:

SSL certificates from Let's Encrypt are valid for 90 days. Automate the renewal process with a cron job:

crontab -e

Add this line:

0 0,12 * * * /bin/bash /usr/local/letsencrypt/letsencrypt-auto renew

This ensures that your server checks for certificate renewals twice daily.
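
A cron job can fail silently, so it helps to monitor the certificates themselves. The following added example (not from the original guide) reports any certificate that the renew job should already have replaced; it assumes openssl and GNU date are installed, and the 20-day threshold and function names are choices made for this example.

```bash
#!/bin/bash
# Added example, not from the original guide: detect certificates that the
# renew cron job has failed to refresh.
# Assumption: MIN_DAYS=20. "renew" replaces a certificate once fewer than 30
# days remain, so a certificate below 20 days means renewals have been failing.
MIN_DAYS=20

# days_left CERT.pem -> whole days until notAfter (negative once expired)
days_left() {
    local end end_s
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 2
    end_s=$(date -u -d "${end#notAfter=}" +%s) || return 2
    echo $(( (end_s - $(date -u +%s)) / 86400 ))
}

# check_live_dir DIR -> one status line per DIR/<name>/cert.pem;
# returns 1 if any certificate is stale or unreadable
check_live_dir() {
    local rc=0 cert d
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        if ! d=$(days_left "$cert"); then
            echo "ERROR $cert: cannot read expiry date"; rc=1
        elif [ "$d" -lt "$MIN_DAYS" ]; then
            echo "STALE $cert: ${d} days left"; rc=1
        else
            echo "OK    $cert: ${d} days left"
        fi
    done
    return $rc
}

# make_sample_cert DIR NAME DAYS -> constructed self-signed certificate,
# only for trying the check offline
make_sample_cert() {
    mkdir -p "$1/$2" && openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=$2" -keyout "$1/$2/privkey.pem" -out "$1/$2/cert.pem" 2>/dev/null
}

# With --check, inspect the directory used in this guide (run as root).
if [ "${1:-}" = "--check" ]; then
    check_live_dir /etc/letsencrypt/live
fi
```

Run it with --check from a separate daily cron entry and alert on a non-zero exit status.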

In Conclusion:

Your website's security is now amplified with an SSL certificate from Let's Encrypt. Don’t forget to check for the padlock symbol in your browser, a sign of a secured site!

The certificate has passed the check.

Encountered any issues during the setup? We'd love to hear from you in the comments. For more in-depth server and security guides, browse our blog.
