Apply HTTPS to Your Website with Let Encrypt for Free

Obtain SSL certificate from Let Encrypt to Secure Your Apache2 Webserver

3 years ago SETHA THAY 1584
Apply HTTPS to Your Website with Let Encrypt for Free

Secure your website means caring for visitors. One of the most important tasks to communicate well with your audience is to make sure your website is secured. HTTPS is an extension of Hypertext Transfer Protocol which is used for secure communication over a computer network or internet. A website with HTTPS means that the website is secured to transfer information between visitors which is quite vital these days.

Step 1: Deploy your website to Apache2 Webserver

Prerequisite, you should have your server and Apache2 ready (You can check out how to own your first cloud server link here and how to install apache2 on your cloud server) and suppose your website project is on GitLab or github

  • SSH to your cloud server and cd to /var/www/html
ssh root@your_droplet_ipaddress

cd /var/www/html/
  • Checking git in your server
git --version
git version 2.25.1
  • Clone your project to /var/www/html, you will asked for user name and password

git clone your_repository_endpoint_copy_from_gitlab_or_github
Cloning into 'geo-cambodia'...
Username for 'https://gitlab.com': sethathay
Password for 'https://sethathay@gitlab.com':
remote: Enumerating objects: 11506, done.
remote: Counting objects: 100% (11506/11506), done.
remote: Compressing objects: 100% (8598/8598), done.
remote: Total 11506 (delta 2494), reused 11503 (delta 2494), pack-reused 0
Receiving objects: 100% (11506/11506), 21.43 MiB | 4.66 MiB/s, done.
Resolving deltas: 100% (2494/2494), done.
  • Check your git branch with the following command, or check out to your production branch if you have
git branch
git checkout prod

Step 2: Create a Virtual Host to represent your website

  • cd to /etc/apache2/sites-available
  • Create a new virtual host file using the command sudo vi your_domain_or_subdomain_name.conf
<VirtualHost *:80>
   ServerName your_domain_or_subdomain_name
   ServerAlias www.your_domain_or_subdomain_name
   ServerAdmin your_email_address
   DocumentRoot /var/www/html/__public_folder_project_repo
   <Directory /var/www/html/__home_folder_project_repo>
       AllowOverride All
   </Directory>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =your_domain_or_subdomain_name
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
  • Enable apache2 rewrite module
sudo a2enmod rewrite
  • Disable default virtual host configuration and enable your virtual host configuration
sudo a2dissite 000-default.conf

Site 000-default disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2


sudo a2ensite your_domain_or_subdomain_name.conf

Enabling site your_domain_or_subdomain_name.
To activate the new configuration, you need to run:
  systemctl reload apache2

  • Restart apache2 webserver and check /etc/apach2/sites-enabled

sudo systemctl restart apache2
sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-06-09 02:26:41 UTC; 26s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 91544 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 91558 (apache2)
      Tasks: 6 (limit: 1136)
     Memory: 13.6M
     CGroup: /system.slice/apache2.service
             ├─91558 /usr/sbin/apache2 -k start
             ├─91559 /usr/sbin/apache2 -k start
             ├─91560 /usr/sbin/apache2 -k start
             ├─91561 /usr/sbin/apache2 -k start
             ├─91562 /usr/sbin/apache2 -k start
             └─91563 /usr/sbin/apache2 -k start

Jun 09 02:26:40 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Starting The Apache HTTP Server...
Jun 09 02:26:41 ubuntu-s-1vcpu-1gb-sgp1-01 apachectl[91557]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive glob>
Jun 09 02:26:41 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Started The Apache HTTP Server.
ll /etc/apache2/sites-enabled/
total 8
drwxr-xr-x 2 root root 4096 Jun  9 02:20 ./
drwxr-xr-x 8 root root 4096 Jun  6 13:59 ../
lrwxrwxrwx 1 root root   39 Jun  9 02:20 geo.nestcode.co.conf -> ../sites-available/geo.nestcode.co.conf

Step 3: Getting SSL Certification from Let Encrypt

  • Install two packages: certbot and python3-certbot-apache
sudo apt install certbot python3-certbot-apache
  • Getting SSL certificate from Let Encrypt
sudo certbot --apache

During installation steps, you will be asked a few questions as below

- Email address (in case your SSL certificate expire or need renewal)

- Agreement on the term of services from Let Encrypt (Choose: A (Agree))

- Share email address to Electronic Frontier Foundation (Choose: N (NO))

- List of the available sites for apply HTTPS (Choose: E (Enter))

- Choose redirect of all requests from HTTP to HTTPS (Choose: 2 (Redirect All))

  • YOU ARE READY NOW, you may now visit your site to check.
  • Verify certbot auto-renewal
sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Wed 2021-06-09 06:17:24 UTC; 1h 23min ago
    Trigger: Wed 2021-06-09 13:01:08 UTC; 5h 19min left
   Triggers: ● certbot.service

Jun 09 06:17:24 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Started Run certbot twice daily.
sudo certbot renew --dry-run

Usually, the SSL certification issued by Let Encrypt will expire after 1 year therefore you have to renew the certification after it's expired. You also have another option to set up a cron service to renew it. THANK YOU!!


About author

Author Profile

SETHA THAY

Software Engineer & Project Manager. I am willing to share IT knowledge, technical experiences and investment to financial freedom. Feel free to ask and contact me.



Scroll to Top