Configuring Let's Encrypt with Apache on Ubuntu Bionic

• Let's-Encrypt
• Apache
• Ubuntu-Bionic
• SSL-certificates

Let’s Encrypt is a certificate authority providing free SSL certificates. The creation, validation, and installation are automated with Certbot — all major browsers trust certificates issued by Let’s Encrypt.

In this tutorial, you will discover how to secure your Apache web server on a Scaleway Instance running Ubuntu Linux. We will walk you through the process of setting up a website on Apache and obtaining a Let’s Encrypt SSL certificate using Certbot. Let’s dive in and make your web presence safer and more trustworthy.

Before you startLink to this anchor

To complete the actions presented below, you must have:

• A Scaleway account logged into the console
• Owner status or IAM permissions allowing you to perform actions in the intended Organization
• An SSH key
• An Instance
• A domain name pointing towards your Instance’s IP address (via an A or AAAA record)
• sudo privileges or access to the root user

Installing ApacheLink to this anchor

1. Connect to your Instance via SSH, and update the software already installed:

   apt update
   apt upgrade -y
   

2. Install the Apache web server:

   apt install apache2
   

3. Create a directory for the website. In this tutorial, we use myweb.example.com. Replace it with your domain name whenever you see it:

   mkdir -p /var/www/html/myweb.example.com/public_html
   

4. Create an index page for the website by running the following command:

   nano /var/www/html/myweb.example.com/public_html/index.html
   

   Then copy the following content into the file, save it, and exit nano:

   <html>
     <head>
       <title>myweb.example.com</title>
     </head>
     <body>
       <h1>New Website</h1>
       <p>This is the new website of myweb.exaple.com</p>
     </body>
   </html>
   

5. Create a configuration file for the website, by making a copy of the default configuration:

   cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myweb.example.com.conf
   

6. Open the file in a text editor:

   nano /etc/apache2/sites-available/myweb.example.com.conf
   

   E dit the following lines to match your configuration, add them to the file, save i, and exit the editor:

   ServerAdmin webmaster@myweb.example.com
   ServerName myweb.example.com
   ServerAlias www.myweb.example.com
   DocumentRoot /var/www/html/myweb.example.com/public_html
   

   Once edited the file should look like this example:

   

7. Activate the new site:

   a2ensite myweb.example.com
   

8. Reload the Apache configuration to enable the new site:

   systemctl reload apache2.service
   

Installing CertbotLink to this anchor

Install Certbot via apt:

apt install certbot python3-certbot-apache -y

Running CertbotLink to this anchor

1. Run Certbot to request a certificate for the domain name:

   certbot --apache
   

   Certbot will ask you a series of questions:

   • First, Certbot asks for your email address. Enter it and press Enter on your keyboard.
   • You will then be asked to agree to the terms of service. Do so by pressing Y.
   • Decide if you want to share your email address with the Electronic Frontier Foundation (EFF). Press Y for yes or N for no.
   • Next, you will be asked for which domains you want to activate SSL. Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown.
   • Certbot asks if all traffic should be forced to HTTPS. Type 1 for no or 2 for yes.
   • The certificate is requested and the following message appears once it has been obtained:

     Congratulations! You have successfully enabled https://myweb.example.com
     You should test your configuration at:
     https://www.ssllabs.com/ssltest/analyze.html?d=myweb.example.com
     

2. Verify the certificate by opening your site in a web browser:

   

The small padlock icon indicates that the connection to your Instance is now encrypted.