Thursday 2 June 2016

Secure Apache with Let's Encrypt on Ubuntu

Hello friends, I am writing this blog which will let you know how to secure apache with let's Encrypt on an Ubuntu . Lets begin with the following steps:

Step 1: Install server dependencies

Update local packages first:
    

  1. sudo apt-get update 
    2.
Now install Let's Encrypt client. In order to install it you need to install git. Enter the following command to install git:
    

  1. sudo apt-get install git 
    2.

Step 2: Download Let's Encrypt Client

Now, next we are going to download Let's Encrypt client. Enter the following command to clone Let's Encrypt repository under /opt
    

  1. sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt 
    2.
First access the letsencrypt directory:
    

  1. cd /opt/letsencrypt 
    2.
 To obtain certificate that covers a single domain, run the following command where example.com is your domain
    

  1. ./letsencrypt-auto --apache -d example.com 
    2.
If you want to use single certificate for multiple domains or subdomains that you can pass additional parameters to the command:
    

  1. ./letsencrypt-auto --apache -d example.com -d www.example.com 
    2.
Here, base domain is example.com.

Now step by step guide will be given to customize certificate options. Following will be asked by the wizard. First to enter email address and second to choose http or https any of them
When the installation is done, you can find generated certificate files at /etc/letsencrypt/live. You can verify certificate by following link:

    

  1. https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
    2.

Step 4: Setup Auto Renewal


It is recommended that you renew certificates every 60 days since Let's Encrypt certificates are valid for 90 days. To renew it run the following command

    

  1. ./letsencrypt-auto renew
    2.
Following is the output of above command:

    

  1. Checking for new version...
    2. 

  2. Requesting root privileges to run letsencrypt...
    3. 

  3.    /home/brennen/.local/share/letsencrypt/bin/letsencrypt renew
    4. 

  4. 

  5.    -------------------------------------------------------------------------------
    6. 

  6.    Processing /etc/letsencrypt/renewal/example.com.conf
    7. 

  7.    -------------------------------------------------------------------------------
    8. 

  8. 

  9.    The following certs are not due for renewal yet:
    10. 

  10.      /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
    11. 

  11.      No renewals were attempted.
    12.

This is how you secure a website hosted with Apache using Let’s Encrypt

Thanks for reading the blog.
- See more at: http://findnerd.com/list/view/Secure-Apache-with-Let-s-Encrypt-on-Ubuntu/18795/#sthash.u9ZYQtI9.dpuf
Posted by at No comments:
Subscribe to: Posts (Atom)