Secure Apache Web Server with Let’s Encrypt

Establishing a secure connection between client and server is no longer a challenging job, and securing a basic web server will not cost you anything extra. In fact, setting up your web server with encryption is a good idea if you want to increase the number of visitors to your blog. The configuration used to be complex and very difficult for the average web server administrator; Let’s Encrypt aims to make life easier with just a few commands. The best part of this project is that you secure your web server without any additional cost.

This tutorial shows how to set up basic encryption with a TLS/SSL certificate from Let’s Encrypt on an Apache server running Ubuntu.

Let’s Encrypt will issue certificates cross-signed by IdenTrust.

What do you need?

  • Ubuntu Server with sudo access
  • Apache Web Server with at least one domain name and a configured ServerName

We will start with the installation of the Let’s Encrypt client. The official client is called Certbot.

However, it is recommended to install it from the official repository, which provides a newer version than the default one shipped with Ubuntu.

Add the repository now with the following command:

sudo add-apt-repository ppa:certbot/certbot

Press ENTER to confirm. The next step is to update the package index.

sudo apt-get update

Now it is time to install the Certbot client:

sudo apt-get install python-letsencrypt-apache

The next step is to set up the SSL certificate. It is very simple: you pass the domain name as a parameter and Let’s Encrypt does everything for you.

For a single domain, you can set up the SSL certificate with the following command:

sudo certbot --apache -d xyz.com

We can also install a single certificate for multiple domains using the following command:

sudo certbot --apache -d xyz.com -d www.xyz.com

Replace xyz.com with your domain name.

When the installation is done, you can test your server’s HTTPS connection by opening the following link in a browser:

https://www.ssllabs.com/ssltest/analyze.html?d=xyz.com

Replace xyz.com with your domain name.

The certificate you have just issued is normally valid for 3 months. That means you need to renew the certificate when it expires. Luckily, renewing a certificate is as simple as installing one.

Try the following command to test the renewal process:

sudo letsencrypt renew --dry-run --agree-tos

If the test is successful, renew the certificate with the following command:

sudo letsencrypt renew

Once the renewal is done, do not forget to restart the Apache web server with:

sudo service apache2 restart

However, renewing the certificate manually every 3 months or so can be a boring task. Therefore, we will set up a cron job that performs this task automatically.

Create a new cron job.

sudo vi /etc/cron.daily/letsencrypt-renew

Add the following lines:

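#!/bin/sh
# Renew any certificates that are due and log the client's output.
if letsencrypt renew > /var/log/letsencrypt/renew.log 2>&1 ; then
   # Reload Apache only when the renewal run succeeded.
   /etc/init.d/apache2 reload > /dev/null 2>&1
fi
exit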

Save the file and make it executable:

sudo chmod +x /etc/cron.daily/letsencrypt-renew

Open the root user’s crontab for editing. There you can include the newly created letsencrypt-renew file and set the schedule.

sudo crontab -e

Include the following line at the end of the file. The time slot can be changed.

01 02,14 * * * /etc/cron.daily/letsencrypt-renew

Save it.
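
The cron job above writes its output to a log file and discards the reload output, so a broken renewal goes unnoticed until the certificate expires. The following expiry check is an added example, not part of the original tutorial; the script name check-certs.sh, the function names and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes openssl is installed
# and certificates sit under /etc/letsencrypt/live/<domain>/cert.pem.

# cert_status PEM [WARN_DAYS]: prints ok | renew-soon | expired | unreadable
# and returns 0 | 1 | 2 | 3. Certbot normally renews once fewer than 30 days
# remain, so a certificate below WARN_DAYS (default 20) means renewals failed.
cert_status() {
    pem=$1
    warn_days=${2:-20}
    # A missing or corrupt file must not pass for a healthy certificate.
    if ! openssl x509 -noout -in "$pem" >/dev/null 2>&1; then
        echo unreadable; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$pem" >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$pem" >/dev/null 2>&1; then
        echo renew-soon; return 1
    fi
    echo ok
}

# check_all LIVE_DIR [WARN_DAYS]: checks every certificate, reports problems on
# stderr and returns the worst status (3 if no certificate was found at all).
check_all() {
    found=0
    worst=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        found=1
        status=$(cert_status "$cert" "${2:-20}") && rc=0 || rc=$?
        [ "$rc" -eq 0 ] || echo "$cert: $status" >&2
        [ "$rc" -le "$worst" ] || worst=$rc
    done
    [ "$found" -eq 1 ] || { echo "no certificates under $1" >&2; return 3; }
    return "$worst"
}

# Run only when a directory is given, e.g.:
#   sudo sh check-certs.sh /etc/letsencrypt/live
[ $# -eq 0 ] || check_all "$@"
```

A non-zero exit status means at least one certificate needs attention, so the script can be run from cron or a monitoring agent that alerts on failure.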

Finally, we will discuss how to revoke your existing certificate using the command line.

Type the following command to revoke the existing certificate.

sudo letsencrypt revoke --cert-path /etc/letsencrypt/live/<domain_name>/cert.pem

Replace <domain_name> with the domain name for which you want to revoke the certificate.

That’s all regarding Let’s Encrypt certificate installation and removal in Apache Web Server.

Enjoy SSL. Enjoy encryption.

Anup Chhetri

IT system administrator
