How To Secure Apache with Let’s Encrypt on Ubuntu

This post will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu server running Apache as a web server.

Introduction about SSL

SSL stands for Secure Socket Layer. SSL is a protocol used for sending confidential data over the Internet. SSL creates a secure connection between a web browser and the server. In this process, SSL uses encryption to keep the data private.

Advantages of SSL

• Encrypts Information. SSL certificate ensures the data you send online are read by only the intended recipient and none else.
• SSL makes some changes in the original data so that the data can’t be read by the third parties.
• Having SSL certificate ensures authentication.
• Secure against phishing attacks.
• Better search engine rankings.

Install SSL certificate using Let’s Encrypt


• Ubuntu server with a non-root sudo user.
• The Apache web server installed and domain name properly configured.
• Your domain mapped with server IP.

Step 1 — Install the Let’s Encrypt Client

The first step to Let’s Encrypt SSL certificate is to install the certbot software on your server.

sudo add-apt-repository ppa:certbot/certbot

You will need to press ENTER to accept. Then update the package list using following command

sudo apt-get update

Install Certbot SSL using following command.

sudo apt-get install python-certbot-apache

Step 2 — Set Up the SSL Certificate

Following command is automatically install a new SSL certificate on apache server that is valid for only 3 months. A single certificate that is valid for multiple domains or subdomains. Execute following command.

sudo certbot --apache -d

If you can execute above command then it will ask some basic information like email, agree terms & service and enabling both http and https access. After install certificate, automatically changed apache configuration file as required.
When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live.

Step 3 — Auto Renewal SSL Certificate

Let’s Encrypt’s certificates is valid for 3 months. Following command is to check for expiring certificates and renew them automatically.

sudo crontab -e

After execute above command, Your text editor will open the default crontab which is a text file with some help text in it.
Paste in the following line at the end of the file, then save and close it:

15 3 * * * /usr/bin/certbot renew --quiet

Now your domain is ready with SSL Certificate.