May 25, 2016

How to secure your Apache using Certbot SSL


SSL/TLS certificates are used to encrypt the data travelling between server and client in both directions. SSL works on a public key authentication mechanism. Whenever a client sends information to a server over SSL, the browser encrypts the data using the public key provided by the server and then sends it. Once the data is received at the server, it is decrypted with the private key, which resides on the server. The advantage is that an attacker who intercepts the data cannot decrypt or understand it without the private key.

Installing an SSL/TLS certificate on a Linux server is a complex job, but the EFF developed Certbot, a tool that makes it easier by automating the process of installing and configuring SSL on the Apache web server. Certbot is a client for the Let’s Encrypt project and was previously known as letsencrypt. Using Certbot we can automatically install SSL certificates on an Apache web server for free, as it is an open source project.

In this tutorial we will learn how to secure our website running on Apache with an SSL/TLS certificate from Let’s Encrypt using Certbot in Ubuntu 14.04 and Ubuntu 16.04 server. We will also learn to automate the renewal of certificates using Cron Jobs.

Prerequisites

You will need a VPS or cloud server running either Ubuntu 14.04 or Ubuntu 16.04. You will also need an A record pointing to the IP address of your server, because the installer automatically checks whether the domain points to the server when it installs the SSL certificate. You can point your domain to the IP address with an A record through the DNS management section of your domain control panel.

In this tutorial we assume that you are logged in to your server with a non-root account. If you are logged in as root, simply omit sudo from the commands we use.

Additionally, you will need an Apache web server installed on your machine. If you do not have Apache installed, you can install it by running the following command.

    sudo apt-get install apache2

This command will install the Apache web server on your machine. If you now access your website using your server IP or domain, you should see the Apache default page. For more information on installing Apache or a LAMP stack, you may read How to Install LAMP with phpMyAdmin on Ubuntu.

Install Certbot SSL on Ubuntu 14.04

Certbot is not prepackaged on this version of Ubuntu, so you will have to download it from its website. You can either download the installer script from Certbot’s official website or clone the files from GitHub. If you want to download the script from Certbot’s website, run the following command.

    wget https://dl.eff.org/certbot-auto

It’s a small script, so it will not take more than a few seconds to download. Now you will have to give the script permission to execute. Run the following command.

    chmod a+x certbot-auto

Now you can run the installer script by executing the following command.

    ./certbot-auto

An alternative method is to download the installer script from the official Certbot repository using git. Install git using the following command.

    sudo apt-get -y install git

Once git is installed, run the following command to clone the repository.

    git clone https://github.com/certbot/certbot

Now run the following command to change the directory.

    cd certbot

From here, you can also run the same command to run the installer, which is –

    ./certbot-auto

If you run the above command then the installer script will guide you through the installation interactively. If you run the installer script without any arguments then the script will download all the dependencies it needs to install the SSL certificate. It will ask you if you want to continue with installation, before downloading and installing dependencies, enter y and continue with the installation.

Once all the dependencies have been installed, it will check your configuration files to find the domains. If there are none, it will ask you to enter your domain names. You can enter more than one domain, separated by commas or spaces. Make sure that the domains you enter are defined in your Virtual Hosts configuration files.


Press the OK button to proceed. Now it will ask you to enter your email address, which will be used for urgent notices and lost key recovery.


Press the OK button again and you will be asked to accept the terms and conditions. Click on the Agree button to proceed further. Next you will be asked whether HTTPS is required or optional. If you choose easy, your website can be browsed using both HTTP and HTTPS. If you choose secure, anybody who tries to browse your website over an HTTP connection will be automatically redirected to the secure connection, HTTPS. Choose accordingly.


Now you will be shown a message that you have successfully enabled SSL on the domains you have entered.


You will be shown some important information, including the expiry date of the certificate, which is 90 days from the date of installation. You may now navigate to the directory /etc/letsencrypt/live to check the keys associated with your domain. It is strongly advised that you take regular backups of the directory /etc/letsencrypt because this directory contains all of your account credentials.
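One way to take the backup advised above, as an added example that is not part of the original article. The function name `backup_letsencrypt` and the destination directory are assumptions; the archive is created unreadable to other users because it holds private keys, and symlinks are stored as symlinks so the restored live directory still points into archive.

```shell
#!/bin/sh
# Added example, not from the original article. Archives a Let's Encrypt
# configuration directory so the copy is as protected as the original.
# Arguments (absolute paths): source directory, e.g. /etc/letsencrypt,
# and the directory that receives the archive. Prints the archive path.
backup_letsencrypt() {
    src=${1%/}
    dest_dir=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }

    archive="$dest_dir/letsencrypt-$(date +%Y%m%d-%H%M%S).tar.gz"

    # Work under a restrictive umask, in a subshell so the caller's umask is
    # untouched: the archive contains private keys and account keys.
    # -C plus basename stores relative paths, and tar keeps symlinks as
    # symlinks, which live/<domain>/*.pem need to keep pointing at archive/.
    (
        umask 077
        mkdir -p "$dest_dir" || exit 1
        tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")"
    ) || return 1

    # Report success only if the archive can be read end to end.
    tar -tzf "$archive" >/dev/null || return 1
    echo "$archive"
}

# Typical use, run as root:
#   backup_letsencrypt /etc/letsencrypt /root/backups
```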

Finally you can verify the installation of SSL by going to –

    https://your_website.com

If you see a green padlock at the corner of the domain, your website is now secured.


Alternatively you can go to –

    https://www.ssllabs.com/ssltest/analyze.html?d=your_website.com

It will tell you all the information and grade of your SSL certificate.

If you’d like you can give additional arguments while installing the cert. Use -d followed by the domain name if you want to install the certificate for more domains or subdomains. For example if you want to install the certificate for mydomain.com as well as www.mydomain.com and hello.mydomain.com, use the following command.

    ./certbot-auto -d mydomain.com -d www.mydomain.com -d hello.mydomain.com 

Now the installer will install the certificate for all these domains. You can also specify your email using the --email argument followed by your email address. You can specify these arguments on the command line, but if you run the script without any arguments, you can provide all the required information interactively during installation.

If you want to obtain only the certificates from Let’s Encrypt, you can do so by running the following command instead of the above.

    ./certbot-auto --apache certonly

Now the script will only obtain the certificates; the installer will not make any modifications to your Apache configuration files. You can manually install the certificates later on.

Automatic Renewal

Let’s Encrypt CA issues the certificate for a very short period which is 90 days, so it is important that we renew the certificate once every three months. To renew the certificate run the following command.

    ./certbot-auto renew

This command will check for certificates that are going to expire within 30 days and automatically renew them. We can simplify the process of automatic renewal using cron. Cron jobs are used for scheduling tasks in Linux. Before using a cron job, we must move the installation script to some place safer than the current directory.

Move the installer script to the /etc directory using the following command.

    sudo mv certbot-auto /etc

Now edit the crontab file using the command –

    sudo crontab -e

With the crontab file open in your text editor, enter the following line at the end of the file.

    0 1 * * 1 /etc/certbot-auto renew --quiet

Write the file once done. The above line runs the installer script to renew the certificates at 1 AM every Monday. If the script finds any certificate that is due to be renewed within 30 days, it renews it automatically. We have used the --quiet argument so that the installer works in the background and does not produce any error or warning.
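An added check, not part of the original article: `mv` keeps a file's owner and mode, so after the move above the script can still belong to the non-root account that downloaded it while root's crontab executes it. The function name `check_cron_target` is hypothetical and GNU `stat` (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a script that root's
# crontab runs. Assumes GNU stat (Ubuntu); expected_uid defaults to 0 (root).
# Prints one line per finding and returns 0 only when nothing was found.
check_cron_target() {
    target=$1
    expected_uid=${2:-0}
    findings=0

    # A symlink could be re-pointed later, so insist on a regular file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL: $target is not a regular file"
        return 1
    fi

    # Audit the file and its directory: write access to the directory is
    # enough to replace the file with a different one.
    for path in "$target" "$(dirname "$target")"; do
        owner=$(stat -c '%u' "$path")
        mode=$(stat -c '%a' "$path")
        group_bits=$(( (mode / 10) % 10 ))
        other_bits=$(( mode % 10 ))

        if [ "$owner" -ne "$expected_uid" ]; then
            echo "FAIL: $path is owned by uid $owner, expected $expected_uid"
            findings=$((findings + 1))
        fi
        if [ $((group_bits & 2)) -ne 0 ] || [ $((other_bits & 2)) -ne 0 ]; then
            echo "FAIL: $path (mode $mode) is writable by group or others"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Typical use after the move, followed by the fix if anything is reported:
#   check_cron_target /etc/certbot-auto
#   sudo chown root:root /etc/certbot-auto && sudo chmod 755 /etc/certbot-auto
```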


Install Certbot SSL on Ubuntu 16.04

In Ubuntu 16.04 the Certbot package is prepackaged. To install Certbot SSL from the official repository of Ubuntu 16.04, you can simply run this command to install the dependencies.

    sudo apt-get install python-letsencrypt-apache 

Once you run this command, it will ask you to confirm installing the packages. Press y to proceed with the installation. It will now automatically install all the required packages.

Now run the following command to start the installation of Certbot or Let’s Encrypt SSL.

    sudo letsencrypt

This command will start the installation, which is the same as the one we performed on Ubuntu 14.04. We can also specify arguments with the above command, for example --email or -d.

If you want to obtain only the certificates from Let’s Encrypt, you can do so by running the following command instead of the above.

    sudo letsencrypt --apache certonly

Now the script will only obtain the certificates; the installer will not make any modifications to your configuration files. You can manually install the certificates later.

Automatic Renewal

In Ubuntu 16.04 you can renew the certificate using the following command.

    sudo letsencrypt renew

This command will simply check for all the certificates which are expiring in a month and automatically renew them. To automate this task using the cron scheduler, you can edit the crontab file using the following command.

    sudo crontab -e

Now at the end of the file append this line.

    0 1 * * 1 letsencrypt renew --quiet

Write the file once done. The above line runs the script every Monday at 1 AM. If the script finds any certificate which is scheduled to be renewed, it renews the certificate. The --quiet argument enables the command to run the task in the background without producing any error.

Conclusion

We have successfully installed an SSL/TLS certificate provided by the Let’s Encrypt Certificate Authority on both Ubuntu 14.04 and Ubuntu 16.04. We also learned to automate the renewal process using cron jobs. Using an SSL/TLS certificate we can secure our incoming and outgoing data.
