How to Use Let’s Encrypt on Apache2

by Posted on
run multiple websites

Let’s encrypt is becoming popular.. how do you install it with Apache2?

This can be accomplished in many ways and there are many certificate categories to choose from.

However, all TLS/SSL certificates have the same goal – to protect sensitive information communicated across the network.

This brief tutorial is going to show you the easiest way to accomplish this without costing you anything.

Using certificates from Let’s Encrypt, we’ll be able to protect Apache2 web server with trusted certificates for free

Step 1:  Install Server dependencies

Before you can get Let’s Encrypt to work, you must install Ubuntu server dependencies.

To do that, run the commands below to update your server.

sudo apt-get update

Download and install git so that we can download Let’s Encrypt packages

sudo apt-get install git

Step 2: download Let’s Encrypt Client

The next step is to download Let’s Encrypt client from its repository. What we’d like to do is download the client in the /opt directory. This is the appropriate place to put it.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Change into Let’s Encrypt’s directory and begin to set it up.

cd /opt/letsencrypt

Step 3: Setup a new SSL Certificate for your sites

Step 3 is where you setup a new SSL certificate for your sites. To create a new certificate, the example command is shown below. This will secures example.com only.

./letsencrypt-auto --apache -d example.com

However, since most websites online today have both example.com and www.example.com setup, the correct process would be to create a certificate that covers both domains.

To do that, run the commands below.

./letsencrypt-auto --apache -d example.com -d www.example.com

If you run into trouble where Let’s Encrypt is unable to verify your www.example.com domain, navigate to your Apache2 config file and add an alias for www.example.com

sudo nano /etc/apache2/sites-enabled/000-default.conf

Add the highlighted line below. Also, make sure CNAME is defined at your host DNS entries.

ServerName   example.com
ServerAlias  www.example.com

Save your changes and try again. Hopefully, this time it was successful.

When prompted to select the type of installation, choose the secure installation. Selecting this will make sure www and non-www of your site are redirected to one domain.

If everything was successful, your site will then a valid SSL certificate. This certificate will need to be renewed every 3 months. Don’t worry, the process is as simple as installing it.

To trigger the renewal process, change into Let’s Encrypt directory and run the commands below.

cd /opt/letsencrypt
./letsencrypt-auto renew

Ofcouse you’ll want a better way to renew your certificate so you don’t have to do it manually every 3 months. To set up a process to it’s automatically renewed, create a cron job.

sudo crontab -e

Select an editor. To change later, run ‘select-editor’.
1. /bin/ed
2. /bin/nano <—- easiest
3. /usr/bin/vim.tiny

Choose 1-3 [2]:

Choose option 2 and add the line below

00 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Save your changes and you’re set.

Every Sunday at midnight, the job will try to renew your certificate.

That’s it! Enjoy!

Published by Richard Zayzay

Hi, I'm Richard. In my spare time, I research topics that are interesting and worthwhile for users and students who want to try something new. I, too, am a student and my focus here is to help other students and new users get started with managing Ubuntu Linux, Windows, Content Management Systems (CMS) and others. I try to do my best explaining the topics and detailing the instructions so that anyone can understand. These tutorials may not work in all situations and for all users. However, if you run into trouble, please ask your questions below and I or someone from the community may help you resolve. Thanks for reading and hope you come back. ~Richard

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.