Secure Apache with Let’s Encrypt on Ubuntu 18.04

Step 1 — Installing Certbot

Install the Certbot client, which obtains and installs the SSL certificate.

First, add the repository:

sudo add-apt-repository ppa:certbot/certbot

Press ENTER to accept.

Install Certbot’s Apache package using apt:

sudo apt install python-certbot-apache

Verify Apache configuration.

Step 2 — Set Up the SSL Certificate

Open the virtual host file for your domain using nano:

sudo nano /etc/apache2/sites-available/your_domain.conf

Find your existing ServerName line. It should look something like this:

...
ServerName your_domain
...

If the domain isn’t there, update the file with your domain name.

Test your Apache configuration using the command below.

sudo apache2ctl configtest

If you get an error, reopen the virtual host file and correct the configuration.

Then reload Apache:

sudo systemctl reload apache2

Step 3 — Allowing HTTPS Through the Firewall

sudo ufw status

You will see something like this, which means only HTTP traffic to the web server is allowed:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)

To additionally let in HTTPS traffic, allow the Apache Full profile and delete the redundant Apache profile allowance using the following commands:

sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'

Your status should now look somewhat like this:

sudo ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)        
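The firewall state from Step 3 can be checked mechanically instead of by eye. The script below is an added example, not part of the original tutorial: the function name check_ufw_https and the variable names are this example's own, and the sample inputs are the two status listings shown above. It recognises only the named profiles, not raw port rules such as 443/tcp.

```shell
#!/bin/sh
# Added example: audit `ufw status` text after Step 3 of this tutorial.

# check_ufw_https reads `ufw status` output on stdin. Exit 0 only if ufw is
# active, 'Apache Full' is allowed on IPv4 and IPv6, and the redundant
# 'Apache' (port 80 only) rule has been deleted. Prints one line per finding.
check_ufw_https() {
    awk '
        /^ *Status: +active/ { active = 1 }
        / ALLOW/ {
            line = $0
            sub(/^ +/, "", line)
            split(line, col, /  +/)      # columns are separated by 2+ spaces
            if (col[1] == "Apache Full")      full4 = 1
            if (col[1] == "Apache Full (v6)") full6 = 1
            if (col[1] == "Apache" || col[1] == "Apache (v6)") redundant = 1
        }
        END {
            if (!active)   { print "FAIL: ufw is not active"; bad = 1 }
            if (!full4)    { print "FAIL: Apache Full not allowed (IPv4)"; bad = 1 }
            if (!full6)    { print "FAIL: Apache Full not allowed (IPv6)"; bad = 1 }
            if (redundant) { print "FAIL: redundant Apache rule still present"; bad = 1 }
            if (!bad) print "OK: HTTPS allowed via Apache Full, no redundant rule"
            exit bad + 0
        }'
}

# Sample inputs: the two status listings shown in this tutorial.
UFW_BEFORE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache                     ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache (v6)                ALLOW       Anywhere (v6)'

UFW_AFTER='Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)'

printf '%s\n' "$UFW_BEFORE" | check_ufw_https || true   # three FAIL lines
printf '%s\n' "$UFW_AFTER"  | check_ufw_https           # one OK line
```

On a live server, pipe the real output into the function: sudo ufw status | check_ufw_https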

Next, let’s run Certbot and fetch our certificates.

Step 4 — Obtaining an SSL Certificate

Execute the following command:

sudo certbot --apache -d your_domain -d www.your_domain

Follow the instructions on the command line.

Step 5 — Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for 90 days. The certbot package we installed takes care of this by adding a renew script to /etc/cron.d. The script runs twice a day and renews any certificate that is within 30 days of expiration.

To test the renewal process, do a dry run with certbot using the following command:

sudo certbot renew --dry-run
