Apache Tutorial
Set up a Ubuntu/Apache cloud-based server


Install Certbot

_______________________________________________

Introductory Comments

Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS. Certbot is made by the Electronic Frontier Foundation (EFF), a nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation.

_______________________________________________

Preparations

Make sure:

  • The PowerShell window is open.
  • The server text file you made is open.
  • The Nightly browser is minimized.

_______________________________________________

Update your working server text file

Add these lines to your server text file. Be sure to replace the IP and password where necessary.

######
ssh root@Your-IP
Your-Password
systemctl status sshd
######
###
###
###    CERTBOT
###
###
###
apt install certbot python3-certbot-apache
systemctl restart apache2
systemctl status apache2
certbot --apache
-->  answer the questions
-->  select both of your websites
--> to check expiration dates:
certbot certificates
--> check domains:
https://crt.sh/?Identity=your-domain.com&exclude=expired&deduplicate=Y
-->  look for leaf certificate
nano /etc/apache2/sites-available/www.Your-Domain-le-ssl.conf
reboot  --> use console - wait for login before ssh

_______________________________________________

Update your Ubuntu server files

Make sure you are logged into your Ubuntu server with PowerShell. You may see some upgrade info. If so we will get to it through this path:

apt update

Recently, apt update has been deprecated. This means it will work right now but will not some time in the future. I will tell you how to bypass this warning later on in the Domain Optimization section of the tutorial.

apt list --upgradable
apt upgrade

As the upgrade progresses, sometimes it may stop and ask you a question. 99% of the time it will be OK to say OK. It may look like this:

Apache Daemons Notice

To make it start running again, use the Tab key to highlight the <Ok> key. Then press Enter. You can also use the Space Bar to change states of choice, for example, to select or deselect an option. The Tab key allows you to move around to highlight different areas in the response area. Answer the request and move to the next command.

apt dist-upgrade
apt autoremove

_______________________________________________

A D V E R T I S E M E N T

_______________________________________________

Install Certbot

Install the certbot module. It may ask you to restart some services. You can but there are usually one or more reboots during the installation. You can do it for practice.

apt install certbot python3-certbot-apache

Cycle the Apache2 server:

systemctl restart apache2

Verify it is operating in the green:

systemctl status apache2

Obtaining a certificate is a multi-stepped process. Start the Certbot service:

certbot --apache

Now obtain a certificate for your domain.

You must enter an email address to proceed. They do not spam you. The email is for information you need for your certificate status. I suggest you use admin@Your-Domain. Just be sure to use an email address that works.

Type Y to agree to their service.

Agree to share your email address with them.

You should see both names for your server, one with www and one without.

Select both names by typing 1, a space, and 2. Press Enter.

Note: You can also just press Enter if you want to do them all.

You should see a notice that you have successfully received a certificate. There will be some location data afterwards.

Certbot does a few odd things to your domain configuration files. Open the following file:

nano /etc/apache2/sites-available/www.Your-Domain-le-ssl.conf

Certbot has added a few lines at the end of the file to point out where the Let's Encrypt data is. This is OK. But also notice it added your non-SSL :80 data to the bottom of the file. Honestly, I do not know why it does that! But if I were to guess, it is because they issue a certificate for the naked domain as well. It covers www.your-domain.com and your-domain.com, both ways to enter your domain. Close the file and open:

nano /etc/apache2/sites-available/your-domain.com.conf

Notice Certbot has added a few rewrite rules to this file. They basically do what we had included but hashed out above those lines. They have effectively added a redirect to HTTPS if the user types HTTP. This forces a secure connection, since you now have SSL certificates installed on your Apache 2 server.

Your certificates should be enabled for 89 days. Certbot will automatically renew your certificates before they expire. Enter the following command to see the certifcate on your server.

certbot certificates

Cycle the Apache2 server:

systemctl restart apache2

Verify it is operating in the green:

systemctl status apache2

_______________________________________________

A D V E R T I S E M E N T

_______________________________________________

Check your certificate online

Select a new tab on your Nightly browser. Enter the following command into the address line and press Enter. If you have set up your domain correctly with Namecheap, you will see certificate data. There's a lot of data there. Just be satisfied that the certificate is working properly. Again, make sure you have replaced your-domain.com with Your-Domain.

https://crt.sh/?Identity=your-domain.com&exclude=expired&deduplicate=Y

_______________________________________________

Check for an SSL lock

Open a new browser tab. Enter Your-Domain into the Nightly browser. It will still say Forbidden but look at the lock by the URL. You aren't displaying anything to the world but you are secure about it! Notice that the website has automatically moved to the www secure page. Neat, huh? It's time to install MySQL. Reboot the server and press on when you are ready.

Install MySQL

_______________________________________________

COMMENTS - Install Certbot


Leave a comment.
Moderator approval may be required before posting.


Total Views of this Page: 799

_______________________________________________

Rocket! Rocket! Rocket!

_______________________________________________

If You Like This:

PayPal Pixel

I may make affiliate fees from services you select on this website.
Thank you!
©1998-2024 RocketRanch


x
This website is using cookies.   More info. That's Fine
Welcome again, you previously approved our cookie policy.