Linux

How to Install Let’s Encrypt SSL with Apache on Debian 11

Disclosure: This post may contain affiliate links, which means we may receive a commission if you click a link and purchase something that we recommended.

How to Install Let’s Encrypt SSL with Apache on Debian 11. You will also learn to configure virtual host with Apache and secure your setup with HTTPS redirection.

This setup is tested on Google cloud, so it will work on all cloud hosting services like AWS, Azure or any VPS or any dedicated servers running Debian 11.

Prerequisites

  • Root access to your server or a sudo user.
  • Domain pointed to your server IP to install Let’sEncrypt SSL

Step 1: Setup Initialization

Start by updating the packages to the latest version available using the following command.

sudo apt update
sudo apt upgrade

Install wget package.

sudo apt install wget

Once you have updated the setup you can start the setup.

Step 2: Install Apache

Install Apache using the following command.

sudo apt install apache2

This will install apache2 and all required dependencies.

Step 3: Setup Firewall

Now you can set up Uncomplicated Firewall (UFW) with Apache to allow public access on default web ports for HTTP and HTTPS

sudo ufw app list

You will see all listed applications.

Output
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
  • Apache: This profile opens port 80 (normal, unencrypted web traffic)
  • Apache Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
  • Apache Secure: This profile opens only port 443 (TLS/SSL encrypted traffic)
  • OpenSSH: This profile opens port 22 for SSH access.

If you are not going to use SSL you need to enable only the Apache profile.

Now we will enable Apache Full.

sudo uff allow OpenSSH
sudo ufw allow 'Apache Full'

With this command you can view the status of UFW.

sudo ufw status

You will see the output as follows.

Output
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
OpenSSH ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)

Step: 4 Check Apache Installation

Once Apache is installed is is started automatically and already be up and running.

Every process in Apache is managed with the systemctl command. Check the status of Apache with the following command.

sudo systemctl status apache2
Output
● apache2.service - The Apache HTTP Server
    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Drop-In: /lib/systemd/system/apache2.service.d
            └─apache2-systemd.conf
    Active: active (running) since Tue 2022-02-02 10:29:51 UTC; 5min ago
  Main PID: 10617 (apache2)
     Tasks: 55 (limit: 667)
    CGroup: /system.slice/apache2.service
            ├─10617 /usr/sbin/apache2 -k start
            ├─10619 /usr/sbin/apache2 -k start
            └─10620 /usr/sbin/apache2 -k start
 Feb 02 10:29:51 apache systemd[1]: Starting The Apache HTTP Server…
 Feb 02 10:29:51 apache systemd[1]: Started The Apache HTTP Server.

Now we have Apache installed and configured Firewall.

Step 5: Configure Apache

Disable default Apache configuration.

sudo a2dissite 000-default

Create website directories.

sudo mkdir -p /var/www/html/domainname/public

Setup correct permissions.

sudo chmod -R 755 /var/www/html/domainname
sudo chown -R www-data:www-data /var/www/html/domainname

Create a new virtual host configuration.

sudo nano /etc/apache2/sites-available/domainname.conf

Paste the following configurations in the new file.

<VirtualHost *:80>
     ServerAdmin [email protected]domainname.com
     ServerName domainname.com
     ServerAlias www.domainname.com

     DocumentRoot /var/www/html/domainname/public

     <Directory /var/www/html/domainname/public>
         Options Indexes FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log 
     CustomLog ${APACHE_LOG_DIR}/access.log combined 
 </VirtualHost>

Enable the new configuration.

sudo a2ensite domainname.conf

Step 6: Install Let’s Encrypt SSL

HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

Here we will install Certbot to install Let’sEncrypt SSL using Snap.

sudo apt update
sudo apt install snapd -y
sudo snap install core
sudo snap refresh core

Install Certbot tool.

sudo snap install --classic certbot

Configure Certbot to be executable as as a command.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Now we have installed Certbot to install Let’s Encrypt for Debian 11.

Execute the following command to install your certificates.

sudo certbot --apache --agree-tos --redirect -m [email protected] -d domainname.com -d www.domainname.com

Select the appropriate option and hit Enter

This command will install Free SSL, configure redirection to HTTPS and restarts the Apache server.

Step 7: Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. So, let’s test the renewal feature using the following command.

sudo certbot renew --dry-run

This command will test the certificate expiry and configures the auto-renewable feature.

Step: 8: Test the Setup

Once you have done the able steps you can create a new test HTML file in your web directory.

sudo nano /var/www/html/domainname/public/index.html

Paste the below code inside the file.

<!DOCTYPE html>
<html>
    <body>
        <h1>Test page with HTTPS</h1>
   </body>
</html>

Save the file.

Now go ahead and check your domain name in browser (domainname.com).

You will see that your domain got redirected to HTTPS and see the HTML output.

Supercharge your Linux Administration Career with completed training course and get your dream job.

Conclusion

Now you have learned how to install Let’s Encrypt Free SSL with Apache on Debian 11.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.