How To Install Apache with Let’s Encrypt on Ubuntu 22.04 LTS
In this tutorial, we will show you how to install Apache with Let’s Encrypt on Ubuntu 22.04 on Ubuntu 22.04 LTS. For those of you who didn’t know, Let’s Encrypt is a nonprofit Certificate Authority providing certificates so that your websites can use secure connections. Certbot is an open-source software tool for integrating and managing Let’s Encrypt certificates on the web to enable a secure HTTPS protocol. It will automatically manage the Let’s Encrypt certificate for you.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Apache with Let’s Encrypt on Ubuntu 22.04 on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Apache with Let’s Encrypt on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.
sudo apt update sudo apt upgrade
Step 2. Installing Apache HTTP Server on Ubuntu 22.04.
By default, the Apache is available on Ubuntu 22.04 base repository. Now run the following command below to install the latest version of Apache to your Ubuntu system:
sudo apt install apache2
After successfully installation, enable Apache (to start automatically upon system boot), start, and verify the status using the commands below:
sudo systemctl enable apache2 sudo systemctl start apache2 sudo systemctl status apache2
You can confirm the Apache2 version with the below command:
apache2 -v
Step 3. Configure Firewall.
Now we set up an Uncomplicated Firewall (UFW) with Apache to allow public access on default web ports for HTTP and HTTPS:
sudo ufw allow OpenSSH sudo ufw allow 'Apache Full' sudo ufw enable
Step 4. Accessing Apache Web Server.
Once successfully installed, open a web browser on your system and type the server’s IP in the address bar. You will get the default Apache server page:
Step 5. Create Apache Virtualhost.
First, create a root directory to hold your website’s files:
sudo mkdir -p /var/www/html/domain.com/
Then, change the ownership and group of the directory:
sudo chown -R www-data:www-data /var/www/html/domain.com/
After that, we create an Apache virtual host to serve the HTTP version of the website:
sudo nano /etc/apache2/sites-available/www.domain.com.conf
Add the following file:
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin admin@domain.com
DocumentRoot /var/www/html/www.domain.com
ErrorLog ${APACHE_LOG_DIR}/www.domain.com_error.log
CustomLog ${APACHE_LOG_DIR}/www.domain.com_access.log combined
<Directory /var/www/html/www.domain.com>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Save and close the file, then restart the Apache webserver so that the changes take place:
sudo a2ensite www.domain.com.conf sudo a2enmod ssl rewrite sudo systemctl restart apache2
Step 6. Secure Apache with Let’s Encrypt on Ubuntu 22.04.
First of all, you need to install Certbot to get an SSL certificate with Let’s Encrypt:
sudo apt install certbot python3-certbot-apache
Next, get your SSL certificate with Let’s Encrypt by following these steps:
sudo certbot --apache
You will need to follow the interactive prompt and install the certificate. Since I have two domains, I will install SSL certificates for both domains:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Account registered. Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: domain.com 2: www.domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1,2 Requesting a certificate for domain.com and www.domain.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/domain.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/domain.com/privkey.pem This certificate expires on 2022-12-10. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf Successfully deployed certificate for www.domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://domain.com and https://www.domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Step 7. Auto-Renewal SSL.
Let’s Encrypt certificates have 90 days of validity, and it is highly advisable to renew the certificates before they expire. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/domain.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Account registered. Simulating renewal of an existing certificate for domain.com and www.domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all simulated renewals succeeded: /etc/letsencrypt/live/domain.com/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Step 8. Test SSL.
Once successfully completed secure Apache with Let’s Encrypt SSL, now go to ssllabs.com/ssltest/, and run an SSL test on your domain:
Congratulations! You have successfully set up Apache with Let’s Encrypt on Ubuntu 22.04. Thanks for using this tutorial for installing the Apache with Let’s Encrypt TLS/SSL on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Apache website.
