Install SSL apachePosted about 4 years ago 1.7k
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
This tutorial will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server.
We need to add a repository, for this first of all install the software-properties-common package. For our Ubuntu version, I also had to install the python-software-properties package:
apt-get install software-properties-common python-software-properties
Then then add the PPA, update your sources, and upgrade your the package:
And finally, install Certbot from the new repository with apt-get:
apt-get install python-certbot-apache
The certbot Let's Encrypt client is now ready to use.
Set Up the SSL Certificate
Generating the SSL certificate for Apache using Certbot is quite straightforward. The client will automatically obtain and install a new SSL certificate that is valid for the domains provided as parameters.
To execute the interactive installation and obtain a certificate that covers only a single domain, run the command:
certbot --apache -d yourdomain.ltd
If you have multiple virtual hosts, you should run this command once for each to generate a new certificate for each.
Verifying Certbot Auto-Renewal
By default, SSL certificates issued by Let’s Encrypt are valid for 90 days. So it is recommended to renew the certificate before the expiration date. However, the certbot package we installed takes care of this for us by running certbot renew twice a day via a systemd timer.
To test the renewal process, you can do a dry run with certbot:
certbot renew --dry-run
If you see no errors, you're all set. When necessary, certbot will renew your certificates and reload Apache to pick up the changes.