
Let’s Encrypt on Ubuntu 20.04
Let’s Encrypt is a certificate authority (CA) that provides a way to obtain SSL/TLS certificates. This enables HTTPS traffic to flow to your website. A software client called Certbot attempts to automate most of the steps for you.
Since we already have an Apache server, we will use Certbot to obtain a free SSL certificate for Apache2 on Ubuntu and set up your certificates to renew automatically.
You need to have:
- An Ubuntu 18.04 server set up, including a non-root user account
- A fully registered domain name – I use GoDaddy but feel free to use whatever service you like.
- Setup of the DNS records on your server:
  - An A record with your Domain_name pointing to your server's public IP address.
  - An A record with www.Domain_name pointing to your server's public IP address.
- A Virtual Host setup using the other guide.
Install Certbot
Use the Ubuntu server repository to install Certbot:
$ sudo add-apt-repository ppa:certbot/certbot
Press Enter to accept.
Install Certbot's Apache2 package with apt:
$ sudo apt install python-certbot-apache
Certbot is now installed and ready to use. Next we need to verify some of Apache’s configuration.
Setup the SSL Certificate
The first thing Certbot does is look for the Virtual Host in your Apache2 configuration so that it can configure SSL automatically. It does this by looking for a ServerName directive that matches the domain you request a certificate for.
You should have a VirtualHost block for your domain at /etc/apache2/sites-available/domain_name.com.conf with the ServerName directive already set.
Let’s check:
$ sudo nano /etc/apache2/sites-available/domain_name.conf
You should see your existing ServerName. Confirm it matches and let’s continue.
Do a syntax config test:
$ sudo apache2ctl configtest
You should receive back Syntax OK.
Allow HTTPS Traffic Through Firewall
Check the initial ufw status by typing:
$ sudo ufw status
It will probably look like this:
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache                     ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache (v6)                ALLOW       Anywhere (v6)
Let’s let in HTTPS traffic:
$ sudo ufw allow 'Apache Full'
$ sudo ufw delete allow 'Apache'
Done!
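A pre-flight check for the two conditions verified above (a vhost that names each requested domain, and a ufw rule that admits HTTPS), as an added example that is not part of the original guide. The function names, example.com and the sample files are constructed placeholders, and treating ServerAlias as equivalent to ServerName is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example: checks to run before `certbot --apache`. All names and sample
# data below are constructed placeholders.

# Succeeds if the Apache config on stdin has a ServerName or ServerAlias
# equal to $1 (case-insensitive; commented-out lines are ignored).
vhost_names_domain() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) if (tolower($i) == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if `ufw status` text on stdin shows ufw inactive, or an ALLOW rule
# for a profile or port that covers 443.
ufw_allows_https() {
    grep -Eq '^(Status: inactive|(Apache Full|Apache Secure|443(/tcp)?)( \(v6\))?[[:space:]]+ALLOW)'
}

# preflight DOMAIN VHOST_FILE UFW_STATUS_FILE
# Prints one line per check; returns 1 if any check fails.
preflight() {
    rc=0
    for name in "$1" "www.$1"; do
        if vhost_names_domain "$name" < "$2"; then echo "ok    vhost names $name"
        else echo "FAIL  no ServerName/ServerAlias for $name"; rc=1; fi
    done
    if ufw_allows_https < "$3"; then echo "ok    ufw allows HTTPS"
    else echo "FAIL  ufw does not allow 443"; rc=1; fi
    return "$rc"
}

# Demo on constructed input: vhost lacks the www alias, ufw has only 'Apache'.
demo_dir=$(mktemp -d)
printf '<VirtualHost *:80>\n    ServerName example.com\n</VirtualHost>\n' > "$demo_dir/vhost.conf"
printf 'Status: active\n\nApache                     ALLOW       Anywhere\n' > "$demo_dir/ufw.txt"
preflight example.com "$demo_dir/vhost.conf" "$demo_dir/ufw.txt" || echo "fix the FAIL lines first"
rm -rf "$demo_dir"
```

On a real server, save the output of `sudo ufw status` to a file and pass it, together with your vhost file, to `preflight`.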
Obtain an SSL Certificate
Let’s use the plugin to install it for us:
$ sudo certbot --apache -d domain_name -d www.domain_name
Follow the prompts.
Verify Certbot Autorenewal
Let’s check the status:
$ sudo systemctl status certbot.timer
Let’s do a dry run:
$ sudo certbot renew --dry-run
If you see no errors, you’ve successfully set up Certbot, obtained an SSL certificate and configured auto-renewal! Congrats!