Install a certificate for a website under Apache on Linux

In this article, I will show you how to create and install a free SSL certificate for your domain. I will demonstrate how we did it for this very site. The example applies to a site installed on Apache, on a server where you have SSH access and root user privileges. In the example, we use the Debian 11 operating system.

We also have multiple domains on the same host, managed with VirtualHost (see the official documentation).

We will use Let's Encrypt to create the certificate.

  1. Connect to your server via SSH. For example:
    ssh myhostaddress.com
    
  2. Become root. Alternatively, you can use the sudo command before the commands we are going to use:
    sudo su -
    
  3. Install snapd:
    apt install snapd
    
  4. Do the basic configuration. We are not going to explain every step in depth in this example, so just run:
    snap install core
    snap refresh core
    
  5. If you get a result like this:
    snap "core" has no updates available
    
    That is fine; continue.
  6. Remove any previous installation of certbot. Warning: do this only if you are sure nobody else needs it, otherwise it can break existing scripts and the like:
    apt-get remove certbot
    
  7. Install certbot:
    snap install --classic certbot
    
  8. Create a symbolic link so that users can run certbot:
    ln -s /snap/bin/certbot /usr/bin/certbot
    
  9. Start certbot for Apache:
    certbot --apache
    

    I also tested it with Nginx. You just need to use the --nginx parameter.
  10. This starts an interactive script that asks a series of questions. Let's start with the first one. You will see:
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Enter email address (used for urgent renewal and security notices)
     (Enter 'c' to cancel):
    
    Here you just enter your email address. Please also note the first line: it tells you where to find the log you will need if something goes wrong.
  11. Second step: the Terms of Service. To proceed you need to accept them:
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
    agree in order to register with the ACME server. Do you agree?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: y
    
  12. Next, the script will ask whether you want to subscribe to the mailing list. You can answer yes or no, as you wish:
    Would you be willing, once your first certificate is successfully issued, to
    share your email address with the Electronic Frontier Foundation, a founding
    partner of the Let's Encrypt project and the non-profit organization that
    develops Certbot? We'd like to send you email about our work encrypting the web,
    EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: y
    Account registered.
    
  13. On this server we have multiple domains, so the script will ask you to specify which domain you want to use. In our case the output is:
    Which names would you like to activate HTTPS for?
    We recommend selecting either all domains, or all domains in a VirtualHost/server block.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: muninn.land
    2: en.muninn.land
    3: it.muninn.land
    4: m.muninn.land
    5: tech.muninn.land
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel): 5
    
    In this case we want to create a certificate for tech.muninn.land, so we input 5.
    The result will be:
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/tech.muninn.land/fullchain.pem
    Key is saved at:         /etc/letsencrypt/live/tech.muninn.land/privkey.pem
    This certificate expires on 2023-06-01.
    These files will be updated when the certificate renews.
    Certbot has set up a scheduled task to automatically renew this certificate in the background.
    
    Deploying certificate
    Successfully deployed certificate for tech.muninn.land to /etc/apache2/sites-available/tech.muninn.land-le-ssl.conf
    Congratulations! You have successfully enabled HTTPS on https://tech.muninn.land
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
     * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     * Donating to EFF:                    https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
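
A check you can run after step 13, as an added example that is not part of the original article: it confirms that the Apache vhost file references the certificate and key paths certbot reported, and that the private key is not accessible to group or others. The function names, the sample directory and the placeholder file contents are constructed for this example.

```shell
#!/bin/sh
# Added example: post-install checks for the files certbot reported above.
# key_is_private FILE: true only if group and others have no permission bits.
# -L follows the symlink certbot keeps in live/ to the real key file.
key_is_private() {
    [ "$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# vhost_directive CONF NAME: print the first value of directive NAME (assumes an unquoted path).
vhost_directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# check_deploy CONF LIVE_DIR: print findings, return the number of problems.
check_deploy() {
    conf=$1; live=$2; bad=0
    for pair in SSLCertificateFile:fullchain.pem SSLCertificateKeyFile:privkey.pem; do
        name=${pair%%:*}; file=${pair#*:}
        if [ "$(vhost_directive "$conf" "$name")" != "$live/$file" ]; then
            echo "FAIL: $name is not $live/$file"; bad=$((bad + 1))
        fi
    done
    if ! key_is_private "$live/privkey.pem"; then
        echo "FAIL: $live/privkey.pem is accessible to group or others"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ] && echo "OK: $conf uses the key pair in $live"
    return "$bad"
}

# make_sample DIR: constructed stand-ins for the vhost file and live/ directory.
make_sample() {
    mkdir -p "$1/live"
    printf 'placeholder, not a real key\n' > "$1/live/privkey.pem"
    printf 'placeholder, not a real certificate\n' > "$1/live/fullchain.pem"
    chmod 644 "$1/live/privkey.pem"    # deliberately too permissive
    cat > "$1/le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName tech.muninn.land
    SSLCertificateFile $1/live/fullchain.pem
    SSLCertificateKeyFile $1/live/privkey.pem
</VirtualHost>
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_deploy "$tmp/le-ssl.conf" "$tmp/live" || true   # reports the 644 key
chmod 600 "$tmp/live/privkey.pem"
check_deploy "$tmp/le-ssl.conf" "$tmp/live"           # passes
rm -rf "$tmp"
```

On the server, run it as root with the paths from the output above: `check_deploy /etc/apache2/sites-available/tech.muninn.land-le-ssl.conf /etc/letsencrypt/live/tech.muninn.land`. `certbot renew --dry-run` then exercises the scheduled renewal without replacing the certificate.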