Check this Out!Visit our social network pages for recent updates!

How To Use Let’s Encrypt To Secure Apache2 On Ubuntu

Here’s an assignment for students.

How to secure Apache2 web server with TLS/SSL certificates? This can be accomplished in many ways and there are many certificate categories to choose from.

However, all TLS/SSL certificates have the same goal – to protect sensitive information communicated across the network.

This brief tutorial is going to show you the easiest way to accomplish this without costing you anything.

Using certificates from Let’s Encrypt, we’ll be able to protect Apache2 web server with trusted certificates for free.

Step 1:  Install Server dependencies

Before you can get Let’s Encrypt to work, you must install Ubuntu server dependencies.

To do that, run the commands below to update your server.

sudo apt-get update

Download and install git so that we can download Let’s Encrypt packages

sudo apt-get install git

Step 2: download Let’s Encrypt Client

The next step is to download Let’s Encrypt client from its repository. What we’d like to do is download the client in the /opt directory. This is the appropriate place to put it.

sudo git clone /opt/letsencrypt

Change into Let’s Encrypt’s directory and begin to set it up.

cd /opt/letsencrypt

Step 3: Setup a new SSL Certificate for your sites

Step 3 is where you setup a new SSL certificate for your sites. To create a new certificate, the example command is shown below. This will secures only.

./letsencrypt-auto --apache -d

However, since most websites online today have both and setup, the correct process would be to create a certificate that covers both domains.

To do that, run the commands below.

./letsencrypt-auto --apache -d -d

If you run into trouble where Let’s Encrypt is unable to verify your domain, navigate to your Apache2 config file and add an alias for

sudo nano /etc/apache2/sites-enabled/000-default.conf

Add the highlighted line below. Also, make sure CNAME is defined at your host DNS entries.


Save your changes and try again. Hopefully, this time it was successful.

When prompted to select the type of installation, choose the secure installation. Selecting this will make sure www and non-www of your site are redirected to one domain.

If everything was successful, your site will then a valid SSL certificate. This certificate will need to be renewed every 3 months. Don’t worry, the process is as simple as installing it.

To trigger the renewal process, change into Let’s Encrypt directory and run the commands below.

cd /opt/letsencrypt
./letsencrypt-auto renew

Ofcouse you’ll want a better way to renew your certificate so you don’t have to do it manually every 3 months. To set up a process to it’s automatically renewed, create a cron job.

sudo crontab -e

Select an editor. To change later, run ‘select-editor’.
1. /bin/ed
2. /bin/nano <—- easiest
3. /usr/bin/vim.tiny

Choose 1-3 [2]:

Choose option 2 and add the line below

00 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Save your changes and you’re set.

Every Sunday at midnight, the job will try to renew your certificate.

That’s it! Enjoy!


Leave a Reply