How To Secure Apache with Let's Encrypt on Ubuntu 18.04

Let's encrypt:

SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free.

Prerequisites:

• An Ubuntu 18.04 server with a non-root sudo-enabled user, which you can set up by following our Initial Server Setup guide
• 
  
• The Apache web server installed with one or more domain names properly configured through Virtual Hosts that specify ServerName.

Step 1 — Install the Let's Encrypt Client:

Let's Encrypt certificates are fetched via client software running on your server. The official client is called Certbot, and its developers maintain their own Ubuntu software repository with up-to-date versions. Because Certbot is in such active development it's worth using this repository to install a newer version than Ubuntu provides by default.

First, add the repository:

$ sudo add-apt-repository ppa:certbot/certbot

You'll need to press ENTER to accept. Afterwards, update the package list to pick up the new repository's package information:

$ sudo apt-get update

And finally, install Certbot from the new repository

$ sudo apt-get install python-certbot-apache

The certbot Let's Encrypt client is now ready to use.

Step 2 — Set Up the SSL Certificate:

Make sure you have already setup Apache virutalHost with ServerName: linuxhowtoguide.blogsopt.com

To execute the interactive installation and obtain a certificate that covers only a single domain, run the certbot command like so, where example.com is your domain:

$ sudo certbot --apache -d linuxhowtoguide.blogspot.com -d www.linuxhowtoguide.blogsopt.com

If you have multiple virtual hosts, you should run certbot once for each to generate a new certificate for each. You can distribute multiple domains and subdomains across your virtual hosts in any way.

You should now be able to access your website using a https prefix.

Step 3 — Verifying Certbot Auto-Renewal:

Let’s Encrypt certificates only last for 90 days. However, the certbot package we installed takes care of this for us by running certbot renew twice a day via a systemd timer. On non-systemd distributions this functionality is provided by a cron script placed in /etc/cron.d. The task runs twice daily and will renew any certificate that's within thirty days of expiration.

To test the renewal process, you can do a dry run with certbot:

$ sudo certbot renew --dry-run

If you see no errors, you're all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes.

Let's encrypt SSL installation done successfully. Now browse your website securely.