Before doing any work on your Ubuntu Server, it is good practice to update your software repositories using:
apt update
It’s also worth creating a document root for your new web sites – I generally create a dedicated folder in the root, with web sites and logs folders within:
mkdir /sites
mkdir /sites/logs
mkdir /sites/tonymerryfield.co.uk
To make life easier, make your web site folder reflect your domain name.
Installing Apache
To install Apache we simply use the apt command:
apt install apache2
Once installed you’ll need to do some configuration.
First of all let’s go to our apache hosts folder & create a .conf file specific to your new web site.
To keep things simple use the same naming convention you have used for the document root – ensure your config file is named with .conf at the end:
cd /etc/apache2/sites-available
vi tonymerryfield.co.uk.conf
Add the following to your file, you may find it easier to edit this beforehand:
<VirtualHost *:80>
ServerName tonymerryfield.co.uk
ServerAlias www.tonymerryfield.co.uk
DocumentRoot /sites/tonymerryfield.co.uk
ErrorLog /sites/logs/tonymerryfield.co.uk.errors.log
CustomLog /sites/logs/tonymerryfield.co.uk.access.log combined
<Directory /sites/tonymerryfield.co.uk/>
Require all granted
AllowOverride All
</Directory>
</VirtualHost>
The only changes you really need to make at this stage is references to tonymerryfield.co.uk to reflect your web sites name.
Installing Let’s Encrypt
Because the version of Certbot in the Ubuntu repositories can be a little out of date, install directly from the PPA:
add-apt-repository ppa:certbot/certbot
apt install python-certbot-apache
Once installed you can run certbot to get a new certificate – on your first run you will need to enter your email address and opt in/out of some options.
certbot
Once you’ve run certbot and got your certificates you can simply check your web site and carry on with your day.
I prefer to tidy up my host files.
Firstly your HTTP config:
vi tonymerryfield.co.uk.conf
<VirtualHost *:80>
ServerName tonymerryfield.co.uk
ServerAlias www.tonymerryfield.co.uk
DocumentRoot /sites/tonymerryfield.co.uk
RewriteEngine on
RewriteRule ^ https://tonymerryfield.co.uk%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Secondly your HTTPS config:
vi tonymerryfield.co.uk-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName tonymerryfield.co.uk
ServerAlias www.tonymerryfield.co.uk
DocumentRoot /sites/tonymerryfield.co.uk
ErrorLog /sites/logs/tonymerryfield.co.uk.errors.log
CustomLog /sites/logs/tonymerryfield.co.uk.access.log combined
<Directory /sites/tonymerryfield.co.uk/>
Require all granted
AllowOverride All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/tonymerryfield.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tonymerryfield.co.uk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Lastly, just to be sure all is still working, restart Apache:
systemctl reload apache2
Cert renewal
It’s a good idea to test your configuration using the following:
certbot renew --dry-run
When certbot is installed it adds a service to the cron.d so any certificates approaching its end-of-life will get renewed. Let’s Encrypt certificates are valid for 90 days, but the client will automatically renew after 60.