How to Secure Apache with Let’s Encrypt on Ubuntu 20.04

If you have installed Apache on your Linux system and now want to secure it, this post is for you: it will guide you through securing Apache with Let’s Encrypt. Let’s Encrypt is a widely used CA (Certificate Authority) developed by the ISRG (Internet Security Research Group).

Let’s Encrypt provides free SSL certificates, and its software client, Certbot, automates the process on Apache, eliminating manual certificate creation, validation, installation, and renewal.

A certificate issued by Let’s Encrypt stays valid for 90 days and is trusted by almost all major browsers nowadays. In this post, we will guide you through installing Let’s Encrypt and securing Apache with it on the Ubuntu 20.04 LTS operating system.

Installation of Let’s Encrypt

Before starting the installation of Let’s Encrypt, there are some prerequisites that you must have:

  • You should have Apache installed.
  • You should have a domain name (e.g., http://example.com) for which you want to get the certificate.

If you have fulfilled the requirements for getting started with the installation of Let’s Encrypt, follow the simple step-by-step guide.

Step 1: Install the Certbot

First, we will install Certbot, a command-line utility used to get the certificate. It obtains the SSL certificate and renews it when needed.

It is available in the official APT package repository of Ubuntu, and it can easily be downloaded and installed from there.

First, update the Ubuntu system’s package cache by typing the command provided below:

$ sudo apt update

Start the installation process of Certbot and python3-certbot-apache, using the command given below:

$ sudo apt install certbot python3-certbot-apache

To confirm and begin the installation, type ‘y’ and press the ‘Enter’ key.

Certbot is now installed, which can be verified by typing the command given below:

$ certbot --version

The output shows that version 0.40.0 of Certbot is installed.

Step 2: Enable and Configure the firewall

To allow HTTPS traffic through the firewall, which the SSL certificate setup needs, we will use UFW, which is pre-installed on Ubuntu by default, to modify the firewall rules.

To see the UFW rules currently active on the system, type the command given below:

$ sudo ufw status

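If the status is inactive, UFW needs to be enabled. If you manage the server over SSH, make sure SSH is allowed in the UFW rules first, because enabling the firewall can otherwise cut off your session. Enable the ufw utility using the command: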

$ sudo ufw enable

Now check the status again; it will show all the active rules, if there are any.

Now, allow the 'Apache Full' profile, which covers both HTTP (port 80) and HTTPS (port 443) traffic, using the command provided below:

$ sudo ufw allow 'Apache Full'

Check the status of UFW again to verify the configuration using the command mentioned below:

$ sudo ufw status

Alright! Now let’s get the SSL certificate using Certbot.

Step 3: Get the Let’s Encrypt SSL certificate

Of the many options available for getting an SSL certificate, we will use Certbot.

To get the SSL certificate using the Certbot, type the command given below:

$ sudo certbot --apache -d example.com -d www.example.com

The above command will prompt you with a couple of questions, so read them carefully and answer according to your requirements.

First, provide an email address.

Next, agree to the Terms of Service by typing A and pressing Enter.

Then, it will ask whether to share your email address with the EFF (Electronic Frontier Foundation), so type Y if you want to share it or N if you do not.

After answering all the questions, the installation will start, and you will have the new SSL certificate.

Step 4: Verify the Certbot service status

Afterward, to verify that Certbot auto-renewal is scheduled, check the status of its timer using the command:

$ sudo systemctl status certbot.timer

Step 5: Perform a dry run

If the timer is active, you can test the renewal process by doing a dry run with Certbot, using the command provided below:

$ sudo certbot renew --dry-run

If the above command does not report any errors, you are all set.
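The dry run only exercises Certbot itself. As an added example (not part of the original article), the script below checks the certificate Apache actually serves and flags it when fewer than 30 days of the 90-day lifetime remain, the point by which Certbot's default schedule should already have renewed it. It assumes GNU date and openssl are available; the function names and the 30-day threshold are choices made for this sketch.

```shell
#!/bin/sh
# Added example, not from the article. Assumes GNU date and openssl on PATH.
# Function names and the 30-day threshold are choices made for this sketch.

# Print the "notAfter=..." line of the certificate served on <host>:443.
fetch_not_after() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null
}

# check_expiry <notAfter line> [now_epoch] [warn_days]
# Prints a verdict and returns 0 (OK), 1 (renewal overdue), 2 (expired),
# 3 (no certificate fetched or unparseable date).
check_expiry() {
    ce_str="${1#notAfter=}"
    ce_now="${2:-$(date +%s)}"
    ce_warn="${3:-30}"
    # GNU date parses an empty string as "today 00:00", so reject it first.
    [ -n "$ce_str" ] || { echo "UNPARSEABLE"; return 3; }
    ce_end=$(date -u -d "$ce_str" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 3; }
    ce_left=$(( ce_end - ce_now ))
    if [ "$ce_left" -le 0 ]; then
        echo "EXPIRED"; return 2
    fi
    if [ "$ce_left" -lt $(( ce_warn * 86400 )) ]; then
        echo "RENEWAL-OVERDUE $(( ce_left / 86400 )) days left"; return 1
    fi
    echo "OK $(( ce_left / 86400 )) days left"
}

# Run against a live host only when one is given: ./check_cert.sh example.com
[ "$#" -eq 0 ] || check_expiry "$(fetch_not_after "$1")"
```

A non-zero exit status makes the script usable from cron or a monitoring agent, so a silently failing renewal timer is noticed before browsers start rejecting the site.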

Conclusion

This is how you can secure Apache with Let’s Encrypt on Ubuntu 20.04. This post provides a step-by-step guide on securing the Apache server with Let’s Encrypt using the Certbot, and you have learned how to get and renew the SSL certificate using the Certbot.

About the author

Shehroz Azam
