How to use Let’s Encrypt to secure Apache on Ubuntu 20.04

In the beginning, Your Linux system now have Apache installed, and you want to secure it. You are the target audience for this article, which will instruct you on using Let’s Encrypt to secure Apache. If you are unfamiliar with Let’s Encrypt, it is a popular CA (Certificate Authority) that creates the ISRG (Internet Security Research Group).
Now, In order to completely remove the manual installation, validation, generation, and renewal using the software client and Certbot, Let’s Encrypt assists in obtaining and installing free SSL certificates. This automates the planning procedure on Apache.

When a problem arises, Let’s Encrypt offers a certificate, which has a 90-day validity period and is trusted by practically all modern major browsers. As a result, we will instruct you on how to install it in this post. Let’s use Apache on the Ubuntu 20.04 LTS operating system to encrypt and protect it.

Secure Apache: Putting in Let’s Encrypt

Moreover, there are a few requirements you need to meet before you can begin installing Let’s Encrypt. For instance

Apache needs to install.
For which you want the certificate, you need to have a domain name.

If you have completed the necessary steps, just follow the easy step-by-step instructions to begin installing Let’s Encrypt.

Secure Apache: First, install Certbot.

Firstly, Installing Certbot, a command-line tool needed to obtain the certificate will come first. Obtaining and maintaining an SSL certificate as needed is beneficial.

It is accessible through Ubuntu’s official APT package repository and is simple to download and set up from there.

Start by updating the cache repository on the Ubuntu system by using the following command:

$ sudo apt update

Using the command provided below, begin the installation of Certbot and python3-certbot-apache:

$ sudo apt install certbot python3-certbot-apache

Type “y” and hit “Enter” to confirm and start the installation.

The command provided below must enter to confirm that the Certbot is operational:

$ certbot --version

You can see that Certbot is running on a version 0.40.0 installation.

Secure Apache: Step 2: Turn on and set up the firewall

Secondly, We will utilize Ubuntu’s default and pre-installed UFW to adjust the firewall rules to allow HTTPS traffic for the setup of the SSL certificate.

The command listed below must enter to learn more about the UFW regulations currently in effect on the system:

$ sudo ufw status

Use the following command to make the ufw utility active if the status is inactive:

$ sudo ufw enable

Recheck the situation now:

If there are any rules in effect, they will all display.

Now, use the command shown below to enable Apache Full:

 $ sudo ufw allow 'Apache Full'

Utilize the following command to recheck UFW’s status and confirm the configuration:

$ sudo ufw status

Alright! Let’s now use Certbot to obtain the SSL certificate.

Get the Let’s Encrypt SSL certificate in step three.
We will use Certbot to obtain an SSL certificate from the many possibilities that are accessible.

Type the following command into Certbot to obtain an SSL certificate:

$ sudo certbot --apache -d example.com -d www.example.com

When the aforementioned command is run, a few questions will ask. Please read them carefully and respond in accordance with your needs and requirements.

Give your email address first:

Nextly, type A and hit Enter to agree to the terms of service:

Later, when asked if you wish to share your email address with the Electronic Frontier Foundation, respond with Y or N, depending on your preference:

After responding to all the questions, the installation will begin, and the new SSL certificate will be yours.

Secure Apache: Step 4: Check the status of the Certbot service.

Then, just use the following command to check the status of the service to confirm the Certbot auto-renewal:

$ sudo systemctl status certbot.timer

Step 5: Conduct a practice run.

Fifthly, If it is active, you may test the renewal procedure by using the certbot to do a dry run using the command shown below:

$ sudo certbot renew --dry-run

If the aforementioned command did not produce any errors, you are good to go.

Conclusion:

Finally, On Ubuntu 20.04, follow these steps to secure Apache using Let’s Encrypt. You have learned how to get and renew an SSL certificate using Certbot after reading this post, which includes a step-by-step tutorial on protecting the Apache server with Let’s Encrypt using Certbot.

Frequently Asked Questions:

How can I add Apache to Let’s Encrypt?

Even on the most basic infrastructure, increasing your website’s security through encryption may boost users’ confidence in your site and your capacity to manage it. Because it may be difficult and expensive to set up encryption on your web host, managers who have online applications that don’t require user input are frequently discouraged from doing so.

How is a domain verified by Letsencrypt?

Let’s Encrypt is an open and automated certificate authority that uses the ACME (Automatic Certificate Management Environment ) protocol to provide free TLS/SSL certificates to any compatible client. These certificates can use to encrypt communication between your web server and your users.

A certificate authority is what?

Also, TLS/SSL certificates signing cryptographically by certificate authorities (CAs), who attest to their validity. To check site certificates, browsers and operating systems consult a list of trustworthy CAs.

Prior until recently, the majority of CAs were for-profit businesses that billed clients for their verification and signature services. By fully automating the process and depending on sponsorship and donations to pay for the necessary infrastructure, Let’s Encrypt has made this process free for users.