Enabling secure communication on your Apache web server is one of the first things that you should do while setting it up. This does not have to cost a fortune. As a matter of fact, you can actually obtain SSL/TLS certificates from Let's Encrypt and you do not have to pay anything.
Let's Encrypt is a nonprofit initiative (courtesy: Internet Security Research Group) that aims to provide free digital certificates to enable HTTPS for websites. In this tutorial, we will show you how to enable HTTPS for Apache2 hosted websites running on Ubuntu 20.04.
- Apache2 hosted website running on Ubuntu 20.04
- A user account with sudo capabilities
Install Certbot Snap
Put simply, snaps are self-contained apps that can run on multiple Linux distributions. The Certbot snap is a tool that automates the task of obtaining free SSL/TLS certificates from Let's Encrypt. You only need to run the Certbot tool once and you will enjoy free SSL/TLS certificates forever.
Snap comes pre-installed on Ubuntu 20.04. Firstly, run the commands below to update snapd which is a background process that manages snaps.
$ sudo snap install core
$ sudo snap refresh core
If applicable, run the following command to remove any existing certbot apps which may have been previously installed using the apt or apt-get utility. This is to avoid conflicts.
$ sudo apt remove certbot
After that, the Certbot snap can be easily installed with the command below.
$ sudo snap install --classic certbot
To ensure that the certbot command works properly, create a symbolic link as follows.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Install Certificates from Let's Encrypt
And here comes the best part. When you run the simple command below, you will get a certificate from Let's Encrypt. In addition, Certbot will automatically update your Apache configuration to enable HTTPS for your websites.
$ sudo certbot --apache
Once executed, you would be asked to provide basic information such as your email address where certificate renewal notices should be sent to. Most importantly, certbot will ask you to choose the domain names for which you would like to enable HTTPS.
After the Certbot tool runs successfully, a message will be displayed indicating that HTTPS was enabled for your specified domains.
Run the next command and you will see that certbot automatically created SSL configuration files accordingly.
$ sudo ls /etc/apache2/sites-available
To test the SSL configuration, visit your website in a web browser. If you see a lock icon, everything is in order.
Renewal of Let's Encrypt Certificates
Your certificates will be stored in /etc/letsencrypt/live/yourdomain.com. Certbot will automatically renew your certificates before they expire. Nevertheless, you can run the next command to test the automatic renewal process.
$ sudo certbot renew --dry-run
In this guide, we showed how to secure Apache with free SSL/TLS certificates from Let's Encrypt on Ubuntu 20.04. By using certbot, you can rest assured that HTTPS will always be enabled for your websites as you do not even have to worry about manual renewals.