Apache - Installing the Let's Encrypt certificate [ Step by step ]

Would you like to learn how to install the Let’s Encrypt certificate on the Apache server of a computer running Ubuntu Linux? In this tutorial, we are going to show you how to install the Let’s Encrypt client and configure an HTTPS website on the Apache server.

• Ubuntu 18
• Ubuntu 19
• Ubuntu 20
• Apache 2.4.41

In our example, the IP address of the Apache server is 36.160.86.106.

In our example, we are going to create the website: WWW.GAMEKING.TIPS.

Copyright © 2018-2021 by Techexpert.tips.
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means without the prior written permission of the publisher.

Apache – Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Apache.

Apache Let’s Encrypt – DNS configuration

Access the GODADDY website and purchase a DNS domain.

In our example, we purchased a domain named:

Copy to Clipboard

You can use any website to purchase a DNS domain, GoDaddy is just my personal choice.

Create a DNS entry pointing your website to the computer running Apache.

In our example, we created a DNS entry pointing WWW.GAMEKING.TIPS to 35.160.86.106.

Use the NSLOOKUP command to test your DNS configuration.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Congratulations! You have finished the required DNS configuration.

Tutorial Let’s Encrypt – Apache installation

Install the Apache server and the required packages.

Copy to Clipboard

Enable Apache module named: Mod_ssl.

Enable Apache module named: Mod_rewrite.

Copy to Clipboard

Edit the Apache configuration file.

Copy to Clipboard

Add the following lines at the end of this file.

Copy to Clipboard

Create directories to store the new website files and logs.

Copy to Clipboard

The website files will be stored inside the following directory:

Copy to Clipboard

The website logs will be stored inside the following directory:

Copy to Clipboard

Create an Apache configuration file for the new website.

Copy to Clipboard

Here is the file with our configuration.

Copy to Clipboard

Enable the new website.

Copy to Clipboard

Restart the Apache service.

Copy to Clipboard

Open your browser and try to access the HTTP version of the website.

In our example, the following URL was entered in the Browser:

• http://www.gameking.tips

You have finished the virtual host configuration on the Apache server.

Apache Let’s Encrypt – Installing the Certificate

We need to install the free HTTPS certificate.

We also need to redirect all HTTP traffic to the HTTPS version of the website automatically.

Install the list of required packages.

Copy to Clipboard

Install the Apache free HTTPS certificate

Copy to Clipboard

• Press (A) to Agree with the Terms of Service.
• Press (Y) to share your e-mail and receive Newsletters.
• Press (2) to automatically redirect your HTTP website to the HTTPS versions.

Copy to Clipboard

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): techexpert@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
Performing the following challenges:
http-01 challenge for www.gameking.tips
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/gameking-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/gameking-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/gameking-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/gameking.conf to ssl vhost in /etc/apache2/sites-available/gameking-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.gameking.tips

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.gameking.tips
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.gameking.tips/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.gameking.tips/privkey.pem
   Your cert will expire on 2021-02-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The system will automatically install a free certificate.

It will also configure the Apache server to redirect all HTTP access to the HTTPS version of your website.

In our example, the system created a virtual host configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

The KEY file contains your Certificate private key and must be kept in a safe place all the time.

In our example, the KEY file was stored at :

Copy to Clipboard

The system automatically modifies the original Apache’s virtual host configuration file.

It will automatically redirect all HTTP requests to the HTTPS version of your website.

Copy to Clipboard

Open your browser and enter the DNS address of the new website using the HTTPS protocol.

In our example, the following URL was entered in the Browser:

• https://www.gameking.tips/

The HTTPS page should be presented.

Verify the certificate properties.

You have installed a Let’s Encrypt certificate on the Apache server.

Apache Let’s Encrypt – Certificate Renew

The free certificate installed is valid for 90 days.

The System creates a scheduled task to automatically renew any certificate within thirty days of expiration.

The scheduled task name is CERTBOT and it is located inside the following directory:

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Use the following command to simulate the process of certificate renew.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.gameking.tips.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.gameking.tips
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.gameking.tips/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/www.gameking.tips/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Congratulations! You have configured the Let’s Encrypt automatic certificate renew.

Apache – Installing the Let’s Encrypt certificate