How To Install Let's Encrypt SSL Certificate on Ubuntu 22.04 & Apache


Securing your server with a free Let’s Encrypt SSL certificate will give your users a sense of security and safety, as all data to and from your website will be fully encrypted. It will also stop browser warnings like “Your connection to this site is not secure”, which are a big turn-off for users. We’ll install the Certbot app so the certificate will automatically be renewed before it expires.

This article is part of my series The Ultimate Web Server.

Prerequisites

Installing Certbot Package

Certbot is a Let’s Encrypt package that will automatically update and install valid, in-date SSL certificates for your website. Let’s update the package cache first:

sudo apt update

Now let’s install Certbot and a Python package that enables Certbot to configure Apache directives:

sudo apt install certbot python3-certbot-apache

Allow HTTPS Through the Firewall

If you followed my guide on How to install a LAMP stack on Ubuntu 22.04, I recommended that you open both port 80 (HTTP, non-secure) and port 443 (HTTPS, secure). If you chose to open only port 80, you will also need to allow port 443. Let’s check the current UFW firewall status:

sudo ufw status
Check UFW Status

You should see “Apache Full” and “Apache Full (v6)”. If you have only “Apache” and “Apache (v6)”, then enter the following command to allow both ports 80 and 443 through the firewall:

sudo ufw allow 'Apache Full'

Then delete the older rule:

sudo ufw delete allow 'Apache'

If you’re following this guide on its own (without the initial server setup), then you’ll also need to allow OpenSSH through the firewall and then enable the firewall:

sudo ufw allow OpenSSH
sudo ufw enable

Run the Status command again:

sudo ufw status

And you should see this:

Check UFW Status

Installing an SSL Certificate

Now let’s install a fresh SSL certificate for your website. Initiate the Certbot package as follows:

sudo certbot --apache

Certbot will then ask you a series of questions as follows (replace my info with your own):

  • Enter email address (used for urgent renewal and security notices) – me@mywebsite.com
  • Please read the Terms of Service – Y
  • Will you share your email address? – Y or N
  • Which names would you like to activate HTTPS for? – ENTER for all

Certbot will then request SSL certificates for the domain name(s) listed. You should receive confirmation as follows (my domains are ricbre.com and www.ricbre.com):

Certbot confirmation of SSL certificates

Open a new tab in your web browser and enter your domain name (in my case it’s ricbre.com). You should now see your website as HTTPS with the secure lock:

Website is now using HTTPS

Click on the lock to see security status:

Click the lock to see security status

Verify Certbot is on Autorenewal

We need to make sure Certbot will auto-renew your SSL certificates every 90 days. To check this, we look at the status of certbot.timer:

sudo systemctl status certbot.timer

You should see something similar to the following:

Check Certbot Timer

We can test the autorenewal process by doing a dry run:

sudo certbot renew --dry-run

The result should be as follows (replace domain names with your domain names):

Certbot Dry Run Results
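
A dry run shows that renewal works today. The following added example (not part of the original article) is a check you can schedule to catch renewals that later start failing silently. It parses the text printed by `sudo certbot certificates`; the function names `check_certs` and `sample_output`, the 20-day threshold and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report certificates that Certbot has not renewed in time.
# Assumes the text layout printed by `certbot certificates`.

# check_certs MIN_DAYS
# Reads `certbot certificates` output on stdin, prints
# "name<TAB>status<TAB>verdict" per certificate, and returns 1 if any
# certificate is INVALID or has fewer than MIN_DAYS days left.
check_certs() {
    awk -v min="$1" '
        BEGIN { bad = 0 }
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = "unparsed"
            if (match($0, /\((VALID|INVALID): [^()]*/))
                status = substr($0, RSTART + 1, RLENGTH - 1)
            if (status ~ /^VALID: [0-9]+ day/) {
                split(status, f, " "); days = f[2] + 0
            } else if (status ~ /^VALID: [0-9]+ hour/) {
                days = 0                  # less than one day left
            } else {
                days = -1                 # EXPIRED, REVOKED, TEST_CERT or unparsed
            }
            verdict = "ok"
            if (days < min) { verdict = "RENEWAL OVERDUE"; bad = 1 }
            printf "%s\t%s\t%s\n", name, status, verdict
        }
        END { exit bad }
    '
}

# Constructed sample output (not taken from a real server).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 12:00:00+00:00 (VALID: 62 days)
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-05 08:30:00+00:00 (VALID: 6 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-01 08:30:00+00:00 (INVALID: EXPIRED)
EOF
}

# On a real server: sudo certbot certificates 2>/dev/null | check_certs 20
sample_output | check_certs 20 || echo "at least one certificate needs attention"
```

A non-zero exit status from `check_certs` is the signal to look at the Certbot logs and re-run the dry run above.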

Conclusion

I hope everything went smoothly. If not, I have included troubleshooting links below. If you’ve followed my guides for initial server setup, installing LAMP and creating a Virtual Host, then you should now have a fully fledged, secure web server. See my other guides: How to install phpMyAdmin for easy administration of MySQL databases, and how to install WordPress on your Apache web server.
