How to install Let’s Encrypt on Apache2

In today’s web, security is not optional. Providing your users with an encrypted connection via HTTPS is essential for protecting data and improving your site’s SEO ranking. Let’s Encrypt is a free, automated, and open Certificate Authority (CA) that makes it incredibly easy to secure your website.

In this guide, we will walk through the process of installing a Let’s Encrypt SSL certificate on an Apache2 web server using Certbot.

Prerequisites

Before we begin, ensure you have:

• An Ubuntu server running Apache2.
• A registered domain name pointing to your server’s public IP.
• A virtual host file configured for your domain.
• Sudo privileges on your server.

Step 1: Install Certbot

Certbot is the tool used to automate the process of obtaining and renewing Let’s Encrypt certificates. First, update your local package index and install the Certbot Apache plugin:

sudo apt update
sudo apt install certbot python3-certbot-apache

Step 2: Set Up the SSL Certificate

Certbot provides a powerful plugin for Apache that automates the reconfiguration of your server. To start the process, run the following command:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

(Replace yourdomain.com with your actual domain name.)

Step 3: Configure the Installation

During the installation, Certbot will ask for some information:

1. Email Address: Used for renewal and security notices.
2. Terms of Service: Agree to the Let’s Encrypt terms.
3. Redirect HTTP to HTTPS: You will be asked whether to redirect all traffic to HTTPS. It is highly recommended to choose the “Redirect” option (usually option 2) to ensure all users are on a secure connection.

Once finished, Certbot will update your Apache configuration and display a message confirming the success of the installation.

Step 4: Verify the Certificate

You can now visit your website using https://yourdomain.com. Look for the padlock icon in the browser address bar to verify that the connection is secure.

You can also test your server’s security rating using the SSL Labs Server Test.

Step 5: Test Auto-Renewal

Let’s Encrypt certificates are valid for 90 days. However, the Certbot package handles this automatically by adding a renewal script to /etc/cron.d. You can test the renewal process to make sure it works with a “dry run”:

sudo certbot renew --dry-run

If you see no errors, your certificates will renew automatically before they expire.

Conclusion

Securing your Apache server with Let’s Encrypt is a straightforward process thanks to Certbot. By following these steps, you’ve moved from an insecure HTTP connection to a fully encrypted HTTPS setup for free.