
Installing Apache with Let’s Encrypt on Ubuntu Server 18.04

Before doing any work on your Ubuntu Server, it is good practice to update your software repositories using:

apt update

It’s also worth creating a document root for your new web sites – I generally create a dedicated folder in the root, with web sites and logs folders within:

mkdir /sites
mkdir /sites/logs
mkdir /sites/tonymerryfield.co.uk

To make life easier, make your web site folder reflect your domain name.

Installing Apache

To install Apache we simply use the apt command:

apt install apache2

Once installed you’ll need to do some configuration.

First of all, go to Apache's sites-available folder and create a .conf file specific to your new web site.

To keep things simple use the same naming convention you have used for the document root – ensure your config file is named with .conf at the end:

cd /etc/apache2/sites-available

vi tonymerryfield.co.uk.conf

Add the following to your file; you may find it easier to edit this beforehand:

<VirtualHost *:80>

    ServerName      tonymerryfield.co.uk
    ServerAlias     www.tonymerryfield.co.uk

    DocumentRoot    /sites/tonymerryfield.co.uk

    ErrorLog        /sites/logs/tonymerryfield.co.uk.errors.log
    CustomLog       /sites/logs/tonymerryfield.co.uk.access.log combined

    <Directory /sites/tonymerryfield.co.uk/>
        Require all granted
        AllowOverride All
    </Directory>

</VirtualHost>

The only change you really need to make at this stage is to replace the references to tonymerryfield.co.uk with your own web site's name.

Installing Let’s Encrypt

Because the version of Certbot in the Ubuntu repositories can be a little out of date, install directly from the PPA:

add-apt-repository ppa:certbot/certbot

apt install python-certbot-apache

Once installed you can run certbot to get a new certificate – on your first run you will need to enter your email address and opt in/out of some options.

certbot

Once you’ve run certbot and got your certificates you can simply check your web site and carry on with your day.

I prefer to tidy up my host files.

Firstly your HTTP config:

vi tonymerryfield.co.uk.conf

<VirtualHost *:80>

    ServerName      tonymerryfield.co.uk
    ServerAlias     www.tonymerryfield.co.uk

    DocumentRoot    /sites/tonymerryfield.co.uk

    RewriteEngine on
    RewriteRule ^ https://tonymerryfield.co.uk%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

Secondly your HTTPS config:

vi tonymerryfield.co.uk-le-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerName              tonymerryfield.co.uk
        ServerAlias             www.tonymerryfield.co.uk

        DocumentRoot            /sites/tonymerryfield.co.uk

        ErrorLog                /sites/logs/tonymerryfield.co.uk.errors.log
        CustomLog               /sites/logs/tonymerryfield.co.uk.access.log combined

        <Directory /sites/tonymerryfield.co.uk/>
            Require all granted
            AllowOverride All
        </Directory>

        SSLCertificateFile      /etc/letsencrypt/live/tonymerryfield.co.uk/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/tonymerryfield.co.uk/privkey.pem
        Include                 /etc/letsencrypt/options-ssl-apache.conf

    </VirtualHost>
</IfModule>

Lastly, just to be sure all is still working, reload Apache:

systemctl reload apache2

Cert renewal

It’s a good idea to test your configuration using the following:

certbot renew --dry-run

When certbot is installed it adds a job to cron.d, so any certificate approaching its end of life will get renewed. Let’s Encrypt certificates are valid for 90 days, but the client will automatically renew after 60.
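
To confirm that the scheduled renewal is actually happening, the following added example (not part of the original post) reads a certificate's expiry date and flags it once fewer than 30 days remain, which is past the point where certbot should have replaced it. It assumes GNU date and the openssl command; the function names and RENEW_WINDOW_DAYS are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes GNU date and the openssl CLI.
# Function names and RENEW_WINDOW_DAYS are illustrative, not part of certbot.

RENEW_WINDOW_DAYS=30   # 90-day lifetime minus automatic renewal after 60 days

# secs_left "<notAfter string>" <now_epoch> -> seconds until expiry (negative if expired)
secs_left() {
    local end
    [ -n "$1" ] || return 2           # GNU date treats "" as today, so reject it
    end=$(date -u -d "$1" +%s) || return 2
    echo $(( end - $2 ))
}

# cert_status <seconds_left> -> OK, RENEWAL_OVERDUE or EXPIRED
cert_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo RENEWAL_OVERDUE          # certbot should already have replaced this cert
    else
        echo OK
    fi
}

# check_cert <path to fullchain.pem> -> exit status 0 only when the cert is OK
check_cert() {
    local not_after secs status
    not_after=$(openssl x509 -noout -enddate -in "$1") || return 2
    not_after=${not_after#notAfter=}  # openssl prints "notAfter=Mar  1 12:00:00 2025 GMT"
    secs=$(secs_left "$not_after" "$(date -u +%s)") || return 2
    status=$(cert_status "$secs")
    echo "$1: $status ($(( secs / 86400 )) days left, expires $not_after)"
    [ "$status" = OK ]
}

# Run only when a certificate path is given, for example:
#   ./check-cert.sh /etc/letsencrypt/live/tonymerryfield.co.uk/fullchain.pem
if [ -n "${1:-}" ]; then
    check_cert "$1"
fi
```

Run it from cron or a monitoring check; a non-zero exit status means the renewal needs attention.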
