VPS Series: How To Get Let’s Encrypt SSL On Apache For Ubuntu

If you have an E-commerce site, you know the value of protecting your customer’s data. If someone steals your customer’s personal information because of poor security, it could cause your entire business to shut down. Would you shop somewhere online if you didn’t trust their security measures?

Let’s encrypt SSL is a program that provides a free SSL security safety certificate for everyone.  These certificates are important for anyone that runs a website because they add security and help your website’s SEO score.

If you’ve ever used Chrome and tried to go to a website without the SSL certificate, you’ve seen a screen that says the site is unsafe. This is something Google began to do a few years ago to protect people who shop online without knowing the risks.

Let’s Encrypt makes the installation process easy by providing a software client called Certbot that tries to automate the steps. The entire process of getting and installing a certificate on Apache is automated.

If you want to add the SSL security certificate to your Irish website using cPanel Ubuntu, read on for a step-by-step guide.

Things You’ll Need To Follow This Guide

  • VPS Server with Ubuntu 18.04 and a sudo non-root user and a firewall
  • A registered domain name to apply the SSL certificate to.
  • An A record with your domain that points to your server’s public IP address.
  • An A record with your domain, including the ‘www’ in front of it that points to your server’s public IP address. For example, you’ll need the A record for both ‘mywebsite.com’ and ‘www.mywebsite.com’.
  • Apache with a virtual host file for your domain name. Here, we’ll use /etc/apache3/sites-available/mywebsite.com.conf.

That’s it! Now let’s get started.

Install Certbot

This might be the most important step since Certbot automates the process for you.

Certbot developers keep a Ubuntu software repository with up-to-date versions. The first thing that we’ll need to do is add the repository. You can do by entering the command:

$ sudo add-apt-repository ppa:certbot/certbot

Press enter and then install Certbot’s Apache package with apt:

$ sudo apt install python-certbot-apache

You’re now able to use Certbot. You’ll need to verify some configurations before using it to configure SSL for Apache.

Set Up SSL Certificate

Certbot needs to find the right virtual host in your Apache configuration to configure SSL. It looks for a ServerName directive that matches the domain you want a certificate for. Open the virtual host file for your domain and input:

sudo nano /etc/apache2/sites-available/mywebsite.com.conf

You’ll want to find the ServerName line. It will say “ServerName: mywebsite.com”.

If this is the correct domain, you can exit. If it doesn’t match, edit it to match your domain name before exiting your text editor. You’ll need to verify the syntax first by entering:

$ sudo apache2ctl configtest

If an error pops up, open up the virtual file host and look for spelling errors or missing characters. Once you’ve made any corrections, reload Apache using the following command:

$ sudo systemctl reload apache2

Certbot will now update the correct VirtualHost Block.

Setting Up A Firewall To Allow HTTPS

If you have the ufw firewall, you’ll have to change the settings and allow HTTPS traffic. Check your settings by putting in this command:

$ sudo ufw status

This command will pull up a list. You’ll see one of two things. Either the list will show ‘Apache’ or ‘Apache Full’. If you see ‘Apache’, the web server only accepts HTTP traffic.

To let in HTTPS traffic as well, allow ‘Apache Full’ and delete ‘Apache’ using the following commands:

$ sudo ufw allow ‘Apache Full’

$ sudo ufw delete allow ‘Apache’

Check your status again and make sure that it shows ‘Apache Full’. If it does, move on to the next step.

Get Your SSL Certificate

There are a number of different ways to get SSL certificates through plugins. You’ll want to use the Apache plugin to reconfigure Apache and reload the config when needed. To use the plugin, use the command:

$ sudo certbot –apache -d mywebsite.com -d www.mywebsite.com

This command runs Certbot with the –Apache plugin. It uses -d to show the domains you want to use the certificate for.

If you’ve never run Certbot before, it will ask you for an email address. Enter yours and agree to the terms of service. Certbot will then connect with the Let’s Encrypt server and run a challenge to prove that you control the domain you’re certifying.

Once you’ve completed the challenge, Certbot will ask you to configure your HTTPS settings. It will present you with two options. The first is for No redirect, which means that you make no changes to the webserver configuration. The second is for redirect, making all requests redirect to secure HTTPS access.

Make your decision and press enter to restart Apache. Certbot will send you a message saying that the process worked and showing you where your certificates are. Reload your website using https:// and your browser’s security indicator should show the site with a lock icon. This means that your website is now protected and encrypting data.

Verify Certbot’s Auto-Renewal

Let’s Encrypt’s certificates only stay valid for ninety days. The package installed during this process adds the renew script to /etc/cron.d. This runs twice a day and renews certificates that are within thirty days of expiration. Without auto-renewal, your certificate will expire and you’ll have to go through this process again.

Do a dry run with Certbot to confirm that the renewal process works:

$ sudo certbot renew –dry-run

Once you’ve confirmed that everything is fine, you’re all set. If the auto-renewal ever fails, you’ll receive an email from Let’s Encrypt letting you know that your certificate is about to expire and what you’ll need to do to fix it.

You’re now set up with an SSL certificate that shows the 1.6 billion people that shop online that your website is secure.

Do You Want To Protect Your Visitors Without The Hassle?

If you run an E-commerce website, you know how difficult it can be to manage everything. From adding product to maintaining an accurate inventory, you have enough on your plate without having to worry about SSL. While installing Let’s encrypt SSL isn’t difficult, it’s one more thing on your plate.

Instead of worrying about auto-renewals and ensuring that every domain and subdomain has protection, let us do the work for you. For only €139.99 a year, you can get SSL protection for an unlimited number of domains and subdomains. You’ll also rest easy knowing that your website’s security certificate is mobile friendly, allowing customers to shop with you on any device.

Get started today and let us work on securing your E-commerce site.