
How to secure Apache 2 with Let’s Encrypt on Ubuntu 20.04?


Let’s Encrypt is a certificate authority that provides an easy way to obtain and install certificates for enabling HTTPS on web servers. A software client called Certbot automates the required steps of this process. It can also change the data in your web server. The major role of Let’s Encrypt is to avoid errors during the operation of web servers. It enables the website to run efficiently and smoothly, and smooth browsing gives the user the best experience. Visitors can view the website without interference or errors. The installation of certificates on Nginx and Apache is fully automatic. I will show you how to secure your Apache server with a free SSL certificate on Ubuntu 20.04.

Let’s Encrypt will secure the website if the user uses a separate file instead of the default Apache file. We will be using a separate Apache server configuration file, as this helps avoid common mistakes and keeps the default configuration files as a fallback option.

Requirements:

Your server should be supported by the wireless network.

You can select a domain name of your choice.
Also, you will need to have a working Apache 2 installed on your Ubuntu machine.

You need a domain name that should be fully registered. If you don’t have a domain name, you can easily buy it from Namecheap. I am using the mytest1 domain. However, you might not be able to use this as this is a temporary working domain. You can use your own domain name.

You should have a working Python or Python 3 on your Ubuntu machine. By default, Ubuntu 20.04 comes with the Python 3 package.

If you have set up Cloudflare on your server, then in order to run Let’s Encrypt on your server, you will have to pause Cloudflare; otherwise, there will be an error while setting up certificates for SSL.

Step 1:

Always update your APT at the start of installation.

Command: $ sudo apt update

Step 2:

Now, upgrade your APT.

Command: $ sudo apt upgrade

Step 3:

You need to check your Apache Virtual Host Configuration by finding the correct and secure file. For this purpose, you need to check your host file. The host file consists of a domain that you can edit. If your server name is already established, you may move on to the next stage. If your server name is not mentioned, you can update it with the help of the following command.

Command: $ sudo nano /etc/apache2/sites-available/mytest1.conf

Here you should find the ServerName and ServerAlias directives; check that your domain is assigned correctly. Then run the two commands given below to verify the changes and reload the apache2 service.

Command: $ sudo apache2ctl configtest

Command: $ sudo systemctl reload apache2

Note: An error can also occur because of missing letters or typing mistakes. In that case, reopen the file and correct the mistakes.

The changes are made to assist the Certbot to function efficiently and find the correct VirtualHost.
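
The check described in Step 3 can be scripted. The following is an added example, not part of the original tutorial: it lists the names a virtual host file declares and reports whether each domain you plan to request a certificate for is among them. The sample virtual host is constructed for illustration, and shop.mytest1.com is a made-up name used to show the failing case.

```shell
#!/bin/sh
# Added example: confirm a domain is declared in a vhost file before running certbot.

# Print every ServerName/ServerAlias value in the file, one per line, lowercased.
vhost_names() {
    awk '
        $1 ~ /^#/ { next }                       # skip commented-out directives
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                sub(/:[0-9]+$/, "", n)           # ServerName may carry a :port suffix
                print n
            }
        }
    ' "$1"
}

# Return 0 if the domain ($2) is declared in the vhost file ($1), 1 otherwise.
vhost_has_name() {
    vhost_names "$1" | grep -Fxq -- "$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# Constructed sample vhost (illustration only, not the tutorial's actual file).
write_sample_vhost() {
    cat > "$1" <<'EOF'
<VirtualHost *:80>
    # ServerName commented.example
    ServerName mytest1.com:80
    serveralias www.mytest1.com  Static.mytest1.com
    DocumentRoot /var/www/mytest1
</VirtualHost>
EOF
}

sample=$(mktemp)
write_sample_vhost "$sample"
for d in mytest1.com www.mytest1.com shop.mytest1.com; do
    if vhost_has_name "$sample" "$d"; then
        echo "OK       $d is declared"
    else
        echo "MISSING  $d - add a ServerName/ServerAlias before running certbot"
    fi
done
rm -f "$sample"
```

On the server, call vhost_has_name with /etc/apache2/sites-available/mytest1.conf and your own domain instead of the sample file.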

Step 4: Allowing HTTPS Through the Firewall

The next step is to adjust the firewall to allow HTTPS traffic. For this purpose, allow the ‘Apache Full’ profile.

Command: $ sudo ufw allow 'Apache Full'

Configuration testing is finished. You can analyze the authenticity by using different tools. You can be sure about the security of your website when a lock appears in your address bar.

Now install the software-properties-common dependency package. I have already installed it, but you can install it via the following terminal command. It must be installed, as it contains all the dependencies necessary for the Certbot installation.

Command: $ sudo apt install software-properties-common

Step 5:

The next step is to verify and grade your certificate to check its efficiency. SSL Labs Server Test is used to check the detailed information about the certificate. Now in order to download Certbot, you will need to add its repository to the APT on your Ubuntu machine via the following command.

Command: $ sudo add-apt-repository universe && sudo add-apt-repository ppa:certbot/certbot

Step 6:

Now, download and install the Certbot software tool, which will help you get an SSL certificate from Let’s Encrypt. Execute the following terminal command to install Certbot via APT. If prompted, press y to continue the installation. When the installation finishes, you will receive a confirmation message. This message contains all the details that you should know. It tells you about the expiry date and how to configure your certificate.

Command: $ sudo apt install certbot python3-certbot-apache

Step 7:

You will need to obtain a certificate for the test domain “mytest1,” which is the default testing domain that arrives with the apache2 installation. The Certbot tool has a particular plugin for Apache, which enables it to install the necessary certificates. Execute the following terminal command to get a certificate for apache2.

Command: $ sudo certbot --apache

You will be prompted for an email address. Certbot is ready to run and provide you with the certificate. Provide your email address. You can also subscribe by pressing Y. You will have to enter a working email address in order to continue the setup. This email address will be used as a contact if there are any security notices regarding the Certbot certificate.

After you enter your email, you will be asked to agree or disagree to the Terms of Service. Press A to agree and Enter to continue to the next step.

You will then be asked about sharing your email address with the EFF, so answer either Yes or No and press Enter to continue to the next window. If you share your email address, you can receive news and updates.

Now comes the real deal: you will be shown all the server names present in your Apache list. We are using mytest1.com along with its www. (world-wide-web) prefix. You can select whichever option matches your desired Apache server name. Certbot will obtain the necessary certificates for the server based on the Apache configuration files. Press ENTER to move on to the next step of choosing the domain.

You need to inform Certbot about your domain and server name, or else your HTTPS will be supported by all the domain names. Also, you should be very sure about the ServerName and ServerAlias in your virtual host. You can also choose the domains of your choice to enable HTTPS. Press ENTER to move on to the next step. You will then be asked to select option 1 or 2. Select 1 if you do not want to redirect the HTTP traffic to your website. Select 2 if you want to redirect HTTP traffic to your website.

Step 8: Auto-Renewal of certificates

Another important feature of Certbot is renewing your certificate before its expiry date. Before relying on this feature, you must test it. As you know, the certificate is valid for 90 days. After this period, your certificate will expire, and you need to install and register a new one.

To avoid this problem, we can use the auto-renewal feature of Certbot. A certificate can also expire if it is misused. If this feature fails to function, an email will be sent to you. This email will contain a warning telling you about the expiry date of your certificate. You can also install a package that runs twice a day and automatically renews your data and certificate as the expiry date approaches.

The following terminal command tests the renewal process with a dry run, so that certificates, which expire in 90 days, can be renewed automatically.

Command: $ sudo certbot renew --dry-run
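
To notice a renewal that has silently stopped working, you can check how close the installed certificate is to expiry. The following is an added example, not part of the original tutorial: it uses openssl to report whether a certificate expires within a given number of days. The 30-day default, the function names and the /etc/letsencrypt/live/mytest1.com/cert.pem path are assumptions of this example, and the sample certificate is a throwaway self-signed one generated for the demonstration.

```shell
#!/bin/sh
# Added example: is a certificate inside the renewal window?

# cert_needs_renewal FILE [DAYS]
# Returns 0 if FILE expires within DAYS (default 30) or has already expired,
# 1 if it stays valid beyond that, 2 if it cannot be read or parsed.
cert_needs_renewal() {
    cert=$1
    days=${2:-30}
    [ -r "$cert" ] || return 2
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 || return 2
    if openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print a one-line status suitable for a cron mail or a monitoring check.
report_cert() {
    rc=0
    cert_needs_renewal "$1" "${2:-30}" || rc=$?
    case $rc in
        0) echo "RENEW  $1 ($(openssl x509 -noout -enddate -in "$1"))" ;;
        1) echo "OK     $1 ($(openssl x509 -noout -enddate -in "$1"))" ;;
        *) echo "ERROR  cannot read certificate: $1" ;;
    esac
}

# Constructed input: a throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=mytest1.com" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/cert.pem" 10 && report_cert "$tmp/cert.pem" 30
rm -rf "$tmp"
# On the server, run as root against the assumed Certbot location:
#   report_cert /etc/letsencrypt/live/mytest1.com/cert.pem 30
```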

Conclusion:

In this tutorial, I have shown you how to install Certbot and secure your Apache server with it. I have also shown you how to set up the certificate renewal service. This is the best tool to be used to secure your server name. If you have any queries regarding this tutorial, please comment below.

Author Info:

My name is Akhunzada Younis Said. I am a software project manager in HAZTECH, a software engineering graduate and a content writer. I love working with Linux, Data science and open-source software.
