skip to content

Certbot on Ubuntu with Apache2: A Comprehensive Guide

/ 3 min read

linux

Certbot is a free, open-source software tool for automatically deploying Let's Encrypt certificates on websites to enable HTTPS.

Certbot on Ubuntu with Apache2: A Comprehensive Guide

With the rise in cybersecurity threats and the need for secure communication over the Internet, SSL/TLS certificates have become indispensable. Certbot is one of the popular tools that help manage these certificates with ease. Following a question on my Discord server regarding Certbot and its implementation on Ubuntu using Apache2, I have decided to create this guide to break down the process step by step.

Introduction to Certbot

Certbot is a free, open-source software tool developed by the Electronic Frontier Foundation (EFF) for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS. It simplifies the process of obtaining and installing TLS/SSL certificates on web servers, ensuring encrypted communication.

Installing Certbot on Ubuntu

Step 1: Update the System

First, update the package list and upgrade the system to the latest version:

sudo apt update
sudo apt upgrade

Step 2: Configuring ServerName and ServerAlias

Before requesting a certificate, you need to specify the domains that Apache2 will serve. This is done through the ServerName and ServerAlias directives in the Apache2 site configuration file.

  1. Edit the Apache2 Site Configuration File:

    Open your site’s configuration file, usually located in /etc/apache2/sites-available. You can use any text editor like nano:

    sudo nano /etc/apache2/sites-available/your-site.conf

  2. Add or Modify the ServerName Directive:

    Specify the primary domain for your site using the ServerName directive:

    ServerName example.com

  3. Add or Modify the ServerAlias Directive (Optional):

    If you want to add additional domains or subdomains, you can use the ServerAlias directive:

    ServerAlias www.example.com subdomain.example.com

  4. Save and Close the File:

    Save your changes and close the text editor.

  5. Reload Apache to Apply Changes:

    sudo systemctl reload apache2

Now you can proceed to request the certificate using Certbot, and it will generate an SSL certificate for the domains specified in the ServerName and ServerAlias directives.

Step 3: Install Certbot and Apache2 Plugin for Certbot

Before you can begin, you’ll need to install Certbot on your Ubuntu system. Here’s how:

sudo apt install certbot

Install the Certbot Apache2 plugin to integrate Certbot with Apache2:

sudo apt install python3-certbot-apache

Configuring Certbot with Apache2

Step 4: Run Certbot

Once installed, you can run Certbot for Apache2 with:

sudo certbot --apache

Certbot will ask for the domain information and other configuration settings. Follow the on-screen instructions to complete the setup.

Step 5: Configuring Automatic Renewals

Let’s Encrypt certificates expire after 90 days, but Certbot will automatically renew them. To test automatic renewal, you can run:

sudo certbot renew --dry-run

Conclusion

Certbot simplifies the process of managing SSL certificates on an Apache2 server running on Ubuntu. From installation to renewal, it takes care of most of the heavy lifting, making HTTPS more accessible to everyone.

In a world where online security is paramount, tools like Certbot are invaluable in protecting user data and maintaining the integrity of the web. Its ease of use and robust functionality make it a must-have for anyone hosting websites on Apache2 with Ubuntu.