How To Install a FREE SSL Certificate for Apache on Ubuntu 20.04

December 28, 2021 Apache + Let's Encrypt
Share
Tweet
Share
0 Shares

In this tutorial, we talked about how to use the Let’s Encrypt client certbot on Ubuntu 20.04 to obtain SSL certificates for your domains. Certbot is an command line utility for managing Let’s Encrypt SSL certificates on a Linux system. It allows you to request a new SSL certificate, do the authorization and configure your Apache web server for SSL settings. It also helps you to renew certificates issued by the Let’s Encrypt certificate authority.

Prerequisites

For getting started with the installation of Let’s Encrypt, there are some prerequisites that you should must-have.

  • You should have Apache installed.
  • Have an A record with your_domain pointing to your server’s public IP address.
  • Have an A record with www.your_domain pointing to your server’s public IP address.

If you have fulfilled the requirements for getting started with the installation of Let’s Encrypt, follow the simple step-by-step guide.

First, update the Ubuntu system’s cache repository by typing the command provided below:

sudo apt update && sudo apt upgrade -y

Start the installation process of Certbot and python3-certbot-apache, using the command given below:

sudo apt install certbot python3-certbot-apache

To confirm and begin the installation, type Y and press the Enter key.

Get the Let’s Encrypt SSL certificate

To enable OCSP stapling, simply add --staple-ocsp flag when issuing certbot command. To get the SSL certificate using the Certbot, type the command given below:

sudo certbot --apache --staple-ocsp

First, provide the email address:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):info@your_domain

Next, Agree to the Terms of Service by typing A and pressing Enter:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Later, it will ask for sharing your email address with the EFF(Electronic Frontier Foundation), so type Y if you want to share or N if you do not want to share your email address:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

You will get the following prompt if you need both www and non-www, best practice you should allow both by typing 1,2 and pressing Enter:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: www.your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2

Best practice you should redirect HTTP traffic to HTTPS, and removing HTTP access by typing 2 and pressing Enter:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

After answering all the questions, the installation will start, and you will have the new SSL certificate.