HTTPS implementation on Apache Ubuntu with Let's Encrypt
Implementing HTTPS is very important for making a secure connection between server and client.
In a nutshell, the server and the client (browser) each hold a secret key used to encrypt and decrypt incoming and outgoing requests and messages. Here I give a simple demo of setting up HTTPS with Let's Encrypt on Ubuntu 20.04.
1. Install apache2
sudo apt update
sudo apt install apache2
sudo ufw allow 'Apache Full'
sudo ufw allow ssh
sudo ufw app list
sudo ufw enable
sudo ufw status
2. Install letsencrypt
Follow this link: https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal
In the dropdowns, choose Apache and Ubuntu, then run:
localhost:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)(Enter 'c' to cancel): example@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): example.com, www.example.com
Requesting a certificate for example.com and www.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2022-08-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for example.com to /etc/apache2/sites-available/example-conf-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.example.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | | | Enabled
2: example-conf-ssl.conf | example.com | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Successfully deployed certificate for www.example.com to /etc/apache2/sites-available/example-conf-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://example.com and https://www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3. Check /etc/apache2/sites-available/example-conf-ssl.conf.
The result should look like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
# ServerName www.example.com
#ServerAdmin www.example.com
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName example.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
5. Access the domain:
www.example.com
6. Add another domain: myworld.com
sudo certbot --apache -d myworld.com -d www.myworld.com
localhost:~$ sudo certbot --apache -d myworld.com -d www.myworld.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for myworld.com and www.myworld.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/myworld.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/myworld.com/privkey.pem
This certificate expires on 2022-08-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
We were unable to find a vhost with a ServerName or Address of myworld.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | | | Enabled
2: example-conf-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Successfully deployed certificate for myworld.com to /etc/apache2/sites-enabled/example-conf-ssl.conf
We were unable to find a vhost with a ServerName or Address of www.myworld.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | | | Enabled
2: example-conf-ssl.conf | Multiple Names | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Successfully deployed certificate for www.myworld.com to /etc/apache2/sites-enabled/example-conf-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://myworld.com and https://www.myworld.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7. Modify example-conf-ssl.conf in the directory /etc/apache2/sites-available:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
#ServerAdmin webmaster@localhost
#ServerAdmin www.example.com
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName example.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
# ServerName www.example.com
#ServerAdmin webmaster@localhost
#ServerAdmin www.myworld.com
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName myworld.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.myworld.com
SSLCertificateFile /etc/letsencrypt/live/myworld.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myworld.com/privkey.pem
</VirtualHost>
</IfModule>
8. Restart apache:
sudo systemctl restart apache2
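A check worth running on the two-vhost file from step 7 before the restart, as an added example that is not part of the original post or of Certbot: the hypothetical helper `check_vhost_certs` flags any VirtualHost whose certificate or key path does not sit under /etc/letsencrypt/live/<ServerName>/, which is the slip a copied block most easily introduces and which Apache itself will not report. It assumes, as on this page, that each certificate directory is named after the vhost's ServerName; the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example; both functions are hypothetical helpers, not Certbot or Apache code.
# For each <VirtualHost> block in config file $1, require a ServerName and
# certificate/key paths under /etc/letsencrypt/live/<ServerName>/.
# Prints one line per vhost and returns non-zero if any vhost fails.
check_vhost_certs() {
  awk '
    $1 ~ /^#/ { next }                       # skip commented-out directives
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "<virtualhost"          { name = cert = key = ""; next }
    d == "servername"            { name = $2 }
    d == "sslcertificatefile"    { cert = $2 }
    d == "sslcertificatekeyfile" { key  = $2 }
    d == "</virtualhost>" {
      dir = "/etc/letsencrypt/live/" name "/"
      if (name == "")                       { print "FAIL: vhost without ServerName"; bad = 1 }
      else if (cert != dir "fullchain.pem") { print "FAIL: " name " serves " cert; bad = 1 }
      else if (key != dir "privkey.pem")    { print "FAIL: " name " uses key " key; bad = 1 }
      else                                  { print "OK: " name }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample modelled on step 7. $1 = output file, $2 = certificate
# directory used by the myworld.com vhost (myworld.com is the correct value).
write_sample() {
  cat > "$1" <<EOF
<IfModule mod_ssl.c>
<VirtualHost *:443>
#ServerName www.example.com
ServerName example.com
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
ServerName myworld.com
SSLCertificateFile /etc/letsencrypt/live/$2/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$2/privkey.pem
</VirtualHost>
</IfModule>
EOF
}

tmp=$(mktemp)
write_sample "$tmp" example.com   # copied block still points at example.com
check_vhost_certs "$tmp" || echo "fix the paths before restarting apache2"
write_sample "$tmp" myworld.com   # corrected, as in step 7
check_vhost_certs "$tmp"
rm -f "$tmp"
```

On the server, point it at /etc/apache2/sites-available/example-conf-ssl.conf and follow it with `sudo apache2ctl configtest`, which catches syntax errors but not a certificate served for the wrong name.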