Hello friends, I am writing this blog which will let you know how to secure apache with let's Encrypt on an Ubuntu . Lets begin with the following steps:
Step 1: Install server dependencies
Update local packages first:
sudo apt-get update
Now install Let's Encrypt client. In order to install it you need to install git. Enter the following command to install git:
sudo apt-get install git
Step 2: Download Let's Encrypt Client
Now, next we are going to download Let's Encrypt client. Enter the following command to clone Let's Encrypt repository under /opt
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
First access the letsencrypt directory:
cd /opt/letsencrypt
To obtain certificate that covers a single domain, run the following command where example.com is your domain
./letsencrypt-auto --apache -d example.com
If you want to use single certificate for multiple domains or subdomains that you can pass additional parameters to the command:
./letsencrypt-auto --apache -d example.com -d www.example.com
Here, base domain is example.com.
Now step by step guide will be given to customize certificate options. Following will be asked by the wizard. First to enter email address and second to choose http or https any of them
When the installation is done, you can find generated certificate files at /etc/letsencrypt/live. You can verify certificate by following link:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
Step 4: Setup Auto Renewal
It is recommended that you renew certificates every 60 days since Let's Encrypt certificates are valid for 90 days. To renew it run the following command
./letsencrypt-auto renew
Following is the output of above command:
Checking for new version...
Requesting root privileges to run letsencrypt...
/home/brennen/.local/share/letsencrypt/bin/letsencrypt renew
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
This is how you secure a website hosted with Apache using Let’s Encrypt
Thanks for reading the blog.