Skip to the content
Cloudfanatic Knowledge baseCloudfanatic Knowledge base
  • Home
  • Log In
  • System Status
  • Home
  • Log In
  • System Status

How can we help?

e.g. ssh keys, set up mysql, ubuntu 22 mysql php nginx, account settings

Account Functions

  • Your Dashboard
  • Accessing your server for the first time
  • Controlling you instance
  • Cloudfanatic Operating systems and Rebuilding your instance
  • DNS Manager
  • Custom ISO images

Sales & Billing

  • Cloudfanatic Crypto Payments
  • Frequently Asked Questions (FAQ)
  • Server billing
  • Automatic billing for your account
  • Server Upgrades
  • Cloudfanatic Affiliate Program
  • Automated Server backups

News & Announcements

  • RockyLinux 9 now generally available for all instances
  • AlmaLinux 9 now generally available for all instances
  • Servercheap is now Cloudfanatic and more news
  • Ubuntu 22 now generally available for all instances
  • Cloudfanatic/Servercheap has been featured on HostAdvice
  • New 1-Click App – CyberPanel
  • New location: North Carolina
  • Cloudfanatic/Servercheap has been featured on Hostingadvice.com
  • Centos Stream now generally available for all instances
  • Cloudfanatic receives an additional new direct IP allocation from ARIN
  • Cloudfanatic is Introducing 1-Click Apps

Tutorials

  • Secure Apache with Let’s Encrypt on Ubuntu 22.04
  • Setup Apache and Virtual Hosts on Ubuntu 22
  • Change SSH Port on Almalinux
  • Change SSH Port on Debian 10/11
  • Change SSH Port on Ubuntu 20/22
  • Firewalld Cheat Sheet
  • Ubuntu UFW Cheat sheet
  • How to copy my files to and from a linux vps
  • Create passwordless login with SSH keys and PUTTY
  • Accessing your server for the first time
  • DNS Manager
  • Controlling you instance
  • Home
  • Docs
  • Tutorials
  • Secure Apache with Let’s Encrypt on Ubuntu 22.04

Secure Apache with Let’s Encrypt on Ubuntu 22.04

Table of Contents
  • Overview
  • Step 1 — Installing Certbot
  • Step 2 — Create a Virtual Host for your domain
  • Step 3 — Allowing HTTPS Through the Firewall
  • Step 4 — Obtaining Free SSL Certificate
  • Step 5 — Verifying Certbot Auto-Renewal

Overview #

Let’s Encrypt is a Certificate Authority (CA) which gives you the ability to install free SSL certificate for any number of domains, thereby enabling encrypted HTTPS on web servers. This tutorial uses a separate virtual host file instead of Apache’s default configuration file for setting up the website that will be secured by Let’s Encrypt. We recommend creating new Apache virtual host files for each domain hosted in a server because it helps to avoid common mistakes and maintains the default configuration files as a fallback setup.

Step 1 — Installing Certbot #

sudo apt update
sudo apt install certbot python3-certbot-apache

Step 2 — Create a Virtual Host for your domain #

You need to have created a virtual host already. If you have not done so yet, follow this tutorial on how to setup virtual hosts in Apache

Step 3 — Allowing HTTPS Through the Firewall #

sudo ufw allow 'Apache Full'

Step 4 — Obtaining Free SSL Certificate #

sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): Enter-your-email-address here

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: www.your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your_domain/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/your_domain/privkey.pem
This certificate expires on 2022-07-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for your_domain to /etc/apache2/sites-available/your_domain-le-ssl.conf
Successfully deployed certificate for www.your_domain.com to /etc/apache2/sites-available/your_domain-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https:/your_domain and https://www.your_domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Step 5 — Verifying Certbot Auto-Renewal #

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process, as well as to ensure that misused certificates or stolen keys will expire sooner rather than later.

The certbot package you installed takes care of renewals by including a renew script to /etc/cron.d, which is managed by a systemctl service called certbot.timer. This script runs twice a day and will automatically renew any certificate that’s within thirty days of expiration.

To check the status of this service and make sure it’s active, run the following:

sudo systemctl status certbot.timer

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset:>
     Active: active (waiting) since Mon 2022-04-11 20:52:46 UTC; 4min 3s ago
    Trigger: Tue 2022-04-12 00:56:55 UTC; 4h 0min left
   Triggers: ● certbot.service

Apr 11 20:52:46 jammy-encrypt systemd[1]: Started Run certbot twice daily.

To test the renewal process, you can do a dry run with certbot:

certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/your_domain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for your_domain and www.your_domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/your_domain/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you don’t receive any errors, you’re all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.

What are your Feelings
Share This Article :
  • Facebook
  • Twitter
  • LinkedIn
  • Pinterest
Still stuck? How can we help?

How can we help?

Updated on November 1, 2022
Setup Apache and Virtual Hosts on Ubuntu 22

Powered by BetterDocs

Table of Contents
  • Overview
  • Step 1 — Installing Certbot
  • Step 2 — Create a Virtual Host for your domain
  • Step 3 — Allowing HTTPS Through the Firewall
  • Step 4 — Obtaining Free SSL Certificate
  • Step 5 — Verifying Certbot Auto-Renewal

2023 Cloudfanatic Knowledge base

To the top ↑ Up ↑