To set up Apache2 with Let’s Encrypt SSL certificates, you can use the Certbot tool, which automates the process of obtaining and installing free SSL certificates from Let’s Encrypt. The setup ensures that your Apache2 web server is secure with HTTPS, and Certbot will also manage automatic certificate renewal.
Here’s a step-by-step guide to set up Apache2 with Let’s Encrypt:
Update the Package List:
Make sure your system’s package list is up-to-date:
sudo apt update
Install Certbot and the Apache Plugin:
Install Certbot along with its Apache plugin by running the following command:
sudo apt install certbot python3-certbot-apache
This will install Certbot and the necessary modules to configure Apache2 automatically.
Once Certbot is installed, you can use it to request SSL certificates for your domain. This step will also automatically configure Apache2 to use HTTPS.
Run Certbot with the Apache Plugin:
To generate and install the SSL certificates, use this command:
sudo certbot --apache
Follow the Interactive Prompts:
Certbot will ask you a series of questions:
Once Certbot completes the installation, it will automatically reload Apache2 and apply the SSL certificate.
You can now visit your website using https://your-domain.com, and the browser should show a secure lock icon, indicating that the connection is secured with HTTPS.
Let’s Encrypt certificates are only valid for 90 days, but Certbot can automatically renew them. A renewal cron job should already be created after installation. You can check Certbot’s renewal process with the following command:
sudo certbot renew --dry-run
This command simulates the renewal process so you can confirm that it works without any issues. Certbot will automatically renew the certificates before they expire.
If you skipped the automatic redirect during the Certbot setup or want to enforce HTTPS manually, you can do so by editing your Apache virtual host file:
Open the virtual host configuration file:
sudo nano /etc/apache2/sites-available/000-default.conf
Add a redirect from HTTP to HTTPS by including the following configuration:
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>
Save the file and restart Apache:
sudo systemctl restart apache2
This configuration will ensure that all HTTP requests are automatically redirected to HTTPS.
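To check the result after editing, the following added example (not part of the original guide) parses Apache virtual host configuration and reports, for each port-80 virtual host, whether it redirects to HTTPS. The names audit_http_vhosts and sample_config and the sample configuration are constructed for illustration; the check goes slightly beyond the manual Redirect form above by also accepting a RewriteRule that targets https://.

```shell
# Added example, not from the original guide. audit_http_vhosts (a
# hypothetical helper name) reads Apache config from files or stdin and prints
# "ServerName<TAB>status" for each port-80 virtual host. It returns 1 when any
# port-80 virtual host has no redirect to HTTPS.
audit_http_vhosts() {
  awk '
    { sub(/^[ \t]+/, "") }                 # drop indentation
    /^#/ || /^$/ { next }                  # skip comments and blank lines
    tolower($0) ~ /^<virtualhost[ \t]/ {   # directive names are case-insensitive
      is80 = ($0 ~ /:80[ \t>]/); name = "(no ServerName)"; redir = 0; next
    }
    tolower($1) == "servername" { name = $2; next }
    # Manual form from the guide: Redirect permanent / https://...
    # A RewriteRule whose target is https:// is accepted as well.
    tolower($1) == "redirect" || tolower($1) == "rewriterule" {
      if ($0 ~ /https:\/\//) redir = 1
      next
    }
    tolower($0) ~ /^<\/virtualhost>/ {
      if (is80) {
        printf "%s\t%s\n", name, (redir ? "redirects" : "NO-REDIRECT")
        if (!redir) bad = 1
      }
      is80 = 0
    }
    END { exit bad + 0 }
  ' "$@"
}
# Constructed sample input: one vhost with the redirect, one without it,
# and a port-443 vhost that the audit must ignore.
sample_config() {
  cat <<'EOF'
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName sub.example.com
    DocumentRoot /var/www/sub
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
</VirtualHost>
EOF
}
sample_config | audit_http_vhosts || echo "at least one HTTP vhost does not redirect"
```

On a real server, pass the enabled site files as arguments, for example audit_http_vhosts /etc/apache2/sites-enabled/*.conf.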
Check Certificate Status:
You can check the details of your SSL certificates with the following command:
sudo certbot certificates
Manually Renew Certificates:
If for any reason you need to manually renew the certificates, you can use:
sudo certbot renew
Revoke Certificates:
If you need to revoke a certificate for any reason:
sudo certbot revoke --cert-name example.com
If you need to add SSL certificates for additional domains, simply run the certbot command again, specifying the new domains:
sudo certbot --apache -d newdomain.com
You can add multiple domains at once by separating them with commas:
sudo certbot --apache -d example.com,www.example.com,sub.example.com