Secure Apache Web Server with Let’s Encrypt
Establishing a secure connection between client and server is no longer a challenging job, and securing a basic web server will not cost you anything extra. In fact, setting up your web server with encryption is a good idea if you want to increase the number of visitors to your blog. The configuration used to be very difficult for the average web server administrator; Let’s Encrypt aims to make life easier with just a few commands. The best part of this project is that you secure your web server without any additional cost.
This tutorial shows how to set up basic encryption with a TLS/SSL certificate from Let’s Encrypt on an Ubuntu Apache server.
Let’s Encrypt will issue certificates cross-signed by IdentTrust.
What do you need?
- Ubuntu Server with sudo access
- Apache Web Server with at least one domain name and a configured ServerName
We will start with the Let’s Encrypt client installation. The official client is called Certbot.
It is recommended to install it from the official repository, which provides a newer version than the default one shipped with Ubuntu.
Add the repository now with the following command.
sudo add-apt-repository ppa:certbot/certbot
Press ENTER. The next step is to update your system.
sudo apt-get update
Now it is time to install the Certbot client.
sudo apt-get install python-letsencrypt-apache
The next step is to set up the SSL certificate. It is very simple. You will give the domain name as a parameter and Let’s Encrypt will do everything for you.
For the single domain, you can set up the SSL Certificate with the following command
sudo certbot --apache -d xyz.com
We can also install the single certificate for multiple domains using the following command.
sudo certbot --apache -d xyz.com -d www.xyz.com
Replace xyz.com with your domain name.
When the installation is done, you can test your server's HTTPS connection by opening the following link in a browser:
https://www.ssllabs.com/ssltest/analyze.html?d=xyz.com
Replace xyz.com with your domain name.
A certificate issued this way is normally valid for 3 months. That means the certificate has to be renewed regularly. Luckily, renewing a certificate is as simple as installing one.
Try the following command to test the renewal process.
sudo letsencrypt renew --dry-run --agree-tos
If the test is successful, renew the certificate with the following command
sudo letsencrypt renew
Once the renewal is done, do not forget to restart the Apache web server with
sudo service apache2 restart
However, renewing the certificate manually every 3 months or so can be a boring task. Therefore, we will set up a cron job that performs this task automatically.
Create a new cron job.
sudo vi /etc/cron.daily/letsencrypt-renew
Add the following lines.
#!/bin/sh
if letsencrypt renew > /var/log/letsencrypt/renew.log 2>&1 ; then
    /etc/init.d/apache2 reload > /dev/null 2>&1
fi
exit
Save the file and make it executable.
sudo chmod +x /etc/cron.daily/letsencrypt-renew
Open the root user's crontab for editing. There you can include the newly created letsencrypt-renew file and set up the schedule.
sudo crontab -e
Include the following line at the end of the file. The time slot can be changed.
01 02,14 * * * /etc/cron.daily/letsencrypt-renew
Save it.
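A way to confirm that the scheduled renewal is actually working, as an added example that is not part of the original tutorial: the script lists each certificate's remaining days and flags any that are inside certbot's 30-day renewal window. The script name cert-check.sh and the function names are hypothetical; it assumes certbot's /etc/letsencrypt/live layout, the openssl command-line tool and GNU date.

```sh
#!/bin/sh
# Added example: report remaining lifetime of each certbot-managed certificate.
# Assumptions: certbot layout <live_dir>/<domain>/cert.pem, openssl CLI, GNU date.

RENEW_WINDOW_DAYS=30   # certbot renews once fewer than 30 days remain (its default)

# days_left END_EPOCH NOW_EPOCH -> whole days until expiry, rounded down
# (negative once the certificate has expired).
days_left() {
    secs=$(( $1 - $2 ))
    if [ "$secs" -lt 0 ]; then
        echo $(( (secs - 86399) / 86400 ))
    else
        echo $(( secs / 86400 ))
    fi
}

# cert_status DAYS -> ok | renewal-overdue | expired
cert_status() {
    if [ "$1" -lt 0 ]; then
        echo expired
    elif [ "$1" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo renewal-overdue     # the cron job should already have renewed this
    else
        echo ok
    fi
}

# cert_end_epoch FILE -> notAfter of the certificate as a Unix timestamp
cert_end_epoch() {
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 1
    date -d "${not_after#notAfter=}" +%s   # strips the "notAfter=" prefix
}

# check_all LIVE_DIR -> one line per certificate; returns 1 if any is not ok
check_all() {
    now=$(date +%s); rc=0
    for cert in "$1"/*/cert.pem; do
        [ -f "$cert" ] || continue
        end_epoch=$(cert_end_epoch "$cert") || { echo "unreadable $cert"; rc=1; continue; }
        days=$(days_left "$end_epoch" "$now")
        status=$(cert_status "$days")
        echo "$status ${days}d $cert"
        [ "$status" = ok ] || rc=1
    done
    return "$rc"
}

# Runs only when a directory is given: sudo sh cert-check.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then check_all "$1"; fi
```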
Finally, we will discuss how to revoke your existing certificate using the command line.
Type the following command to revoke the existing certificate.
letsencrypt revoke --cert-path /etc/letsencrypt/live/<domain_name>/cert.pem
Replace <domain_name> with your own domain name, for which you want to revoke the certificate.
That’s all regarding Let’s Encrypt certificate installation and removal in Apache Web Server.
Enjoy SSL. Enjoy encryption.