How to set up Let’s Encrypt SSL certificate for a site hosted on Apache web server



Let’s Encrypt is a certificate authority that provides free SSL/TLS certificates that are instantly validated and signed and can be used to secure your web site. Certificates are valid for 90 days but you can easily set up a task to handle the renewal automatically.

Add the jessie backports apt repository (not needed when running Debian Linux 9, stretch)

echo "deb jessie-backports main" >> /etc/apt/sources.list
apt-get update

2. Install certbot

For Debian Linux 9 (stretch), use the following command:

apt-get install python-certbot-apache

For Debian Linux 8 (jessie), use the following command:

apt-get install -t jessie-backports python-certbot-apache

3. Now that we have certbot installed, let’s request the certificate

certbot --authenticator webroot --installer apache

You will get a list of available hosts that are currently being served by the Apache web server, similar to this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Type a comma seperated list of the hosts that should be included in the certificate, example: 1,2.

4. Select the webroot for each of the selected hosts. The webroot is the base directory for the web site and is required for the verification process. Each domain may or may not have a different webroot.

Once the webroot directories have been verified certboot will automatically request the certificates and create files on the server containing the keys and certificate.

5. In the next step you’ll be asked if HTTPS is required or not. If HTTPS will be required, certbot will configure apache to redirect http requests to the sites to https. Choose whatever suits your needs here.

6. Now you’ll be able to access your hosts on https, ex.

7. The certificate will expire in 90 days from now. You can manually renew the certificates using the same certbot command but it preferred to add a cronjob to handle that automatically.

Open up crontab with your favorite text editor:

crontab -e

And add the following line at the end of the filw:

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log

That’s it, now your site is secure and the certificate will be renewed automatically.

  • SSL certificate, apache, Encrypt SSL, Debian, SSL/TLS
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Installing Postfix with MySql backend and TLS

In this tutorial we’ll install a ready to use Postfix mail server with MySql backend for virtual...

Installing ionCube

ionCube protects software written using the PHP programming language from being viewed,...

Installing PowerDNS on etch/lenny

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver....

Installing Zenoss monitoring system

Zenoss is an award-winning open source IT monitoring product that effectively manages the...

Upgrade from etch to lenny

Debian has released a stable version of Debian 5.0 (lenny). If you’re running previous version of...