is a certificate authority (CA) that provides a way to obtain SSL/TLS Certificates. This enables HTTPS traffic to flow to your website. A software client called Certbot attempts to automate most of the steps for you.
Since we already have an Apache server we will use Certbot to obtain a free SSL certificate for Apache2 on Ubuntu and setup your certificates to renew automatically.
You need to have:
- A Ubuntu server 18.04 setup including a non-root user account
- A fully registered domain name – I use GoDaddy but feel free to use whatever service you like.
- Setup of the DNS records on your server.
- An A Record with your Domain_name pointing to your servers public IP address.
- An A Record with www.Domain_name pointing to your servers public IP address.
- A Virtual Host setup using the other guide.
Use the Ubuntu server repository to install Certbot:
$ sudo add-apt-repository ppa:certbot/certbot
Press Enter to accept
Install Certbots Apache2 package with apt:
$ sudo apt install python-certbot-apache
Certbot is installed and ready to use we need to verify some of Apache’s configuration.
Setup the SSL Certificate
The first thing certbot is going to do is look for the location of the Virtual Host in your Apache2 configuration for it to automatically configure SSL. It does this by looking for a ServerName directive that matches the domain you made a request certificate for.
You should have a VirtualHost block for your domain at /etc/apache2/sites-available/domain_name.com.conf with the ServerName directive already set.
$ sudo nano /etc/apache2/sites-available/domain_name.conf
You should see your existing ServerName. Confirm it matches and let’s continue.
Do a syntax config test:
$ sudo apache2ctl configtest
You should receive back SyntaxOk.
Allow HTTPS Traffic Through Firewall
Checkout initial ufw status by typing
$ sudo ufw status
It will probably look like this”
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6)
Let’s let in HTTPS traffic:
$ sudo ufw allow ‘Apache Full’
$ sudo ufw delete allow ‘Apache’
Obtain an SSL Certificate
Let’s use the plugin to install it for us:
$ sudo certbot –apache -d domain_name -d www.domain_name
Follow the prompts.
Verify Certbot Autorenewal
Let’s check the status:
$ sudo systemctl status certbot.timer
Let’s do a dry run:
$ sudo certbot renew –dry-run
If you see no errors you’ve successfully setup certbot got an SSL and configured the auto-renewal! Congrats!