How to set up Let’s Encrypt SSL certificate for a site hosted on Apache web server
Ástþór IP
We’ll use certbot to handle the verification and deployment, so the first step is to install certbot.
1. Add the jessie backports apt repository (not needed when running Debian Linux 9, stretch)
echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
apt-get update
2. Install certbot
For Debian Linux 9 (stretch), use the following command:
apt-get install python-certbot-apache
For Debian Linux 8 (jessie), use the following command:
apt-get install -t jessie-backports python-certbot-apache
3. Now that we have certbot installed, let’s request the certificate
certbot --authenticator webroot --installer apache
You will get a list of available hosts that are currently being served by the Apache web server, similar to this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.org
2: www.example.org
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Type a comma-separated list of the hosts that should be included in the certificate, for example: 1,2.
4. Select the webroot for each of the selected hosts. The webroot is the base directory for the web site and is required for the verification process. Each domain may or may not have a different webroot.
Once the webroot directories have been verified, certbot will automatically request the certificates and create files on the server containing the keys and certificate.
5. In the next step you’ll be asked if HTTPS is required or not. If HTTPS will be required, certbot will configure Apache to redirect HTTP requests for the sites to HTTPS. Choose whatever suits your needs here.
6. Now you’ll be able to access your hosts over HTTPS, e.g. https://example.org
7. The certificate will expire in 90 days from now. You can manually renew the certificates using the same certbot command, but it is preferred to add a cronjob to handle that automatically.
Open up crontab with your favorite text editor:
crontab -e
And add the following line at the end of the file:
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
That’s it, now your site is secure and the certificate will be renewed automatically.
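To confirm that the cron job from step 7 is really keeping certificates fresh, the remaining lifetime of each certificate can be checked with openssl. The script below is an added example, not part of the original tutorial; the function names, the 20-day threshold and the sample certificates are assumptions made for illustration, and /etc/letsencrypt/live/ is certbot's default storage location.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# certbot renew only replaces certificates with fewer than 30 days left, so with
# a weekly cron job a healthy certificate never drops far below that mark.

# check_cert FILE DAYS
#   returns 0 if FILE is valid for more than DAYS days,
#           1 if it expires (or already expired) within DAYS days,
#           2 if FILE is missing or not a PEM certificate.
check_cert() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend exits non-zero when the certificate expires within N seconds
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1 || return 1
    return 0
}

# check_all DAYS FILE...: report each certificate; return 1 if any needs attention
check_all() {
    days=$1; shift; bad=0
    for cert in "$@"; do
        st=0; check_cert "$cert" "$days" || st=$?
        case $st in
            0) echo "OK         $cert" ;;
            1) echo "EXPIRING   $cert (fewer than $days days left)"; bad=1 ;;
            *) echo "UNREADABLE $cert"; bad=1 ;;
        esac
    done
    return "$bad"
}

# make_sample_cert FILE DAYS: constructed self-signed certificate for the demo
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.org" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on constructed certificates. On a real server, call check_all with
# /etc/letsencrypt/live/*/cert.pem (certbot's default layout) instead.
demo() {
    tmp=$(mktemp -d) || return 2
    make_sample_cert "$tmp/fresh.pem" 90
    make_sample_cert "$tmp/stale.pem" 5
    out=0; check_all 20 "$tmp/fresh.pem" "$tmp/stale.pem" || out=$?
    rm -rf "$tmp"
    return "$out"
}
demo || echo "at least one certificate needs attention"
```

Because check_all returns non-zero when any certificate is expiring or unreadable, it can be run from a second cron entry that mails or logs on failure.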