Apply HTTPS to Your Website with Let Encrypt for Free
Obtain SSL certificate from Let Encrypt to Secure Your Apache2 Webserver
Secure your website means caring for visitors. One of the most important tasks to communicate well with your audience is to make sure your website is secured. HTTPS is an extension of Hypertext Transfer Protocol which is used for secure communication over a computer network or internet. A website with HTTPS means that the website is secured to transfer information between visitors which is quite vital these days.
Step 1: Deploy your website to Apache2 Webserver
Prerequisite, you should have your server and Apache2 ready (You can check out how to own your first cloud server link here and how to install apache2 on your cloud server) and suppose your website project is on GitLab or github
- SSH to your cloud server and cd to /var/www/html
ssh root@your_droplet_ipaddress
cd /var/www/html/
- Checking git in your server
git --version
git version 2.25.1
- Clone your project to /var/www/html, you will asked for user name and password
git clone your_repository_endpoint_copy_from_gitlab_or_github
Cloning into 'geo-cambodia'...
Username for 'https://gitlab.com': sethathay
Password for 'https://sethathay@gitlab.com':
remote: Enumerating objects: 11506, done.
remote: Counting objects: 100% (11506/11506), done.
remote: Compressing objects: 100% (8598/8598), done.
remote: Total 11506 (delta 2494), reused 11503 (delta 2494), pack-reused 0
Receiving objects: 100% (11506/11506), 21.43 MiB | 4.66 MiB/s, done.
Resolving deltas: 100% (2494/2494), done.
- Check your git branch with the following command, or check out to your production branch if you have
git branch
git checkout prod
Step 2: Create a Virtual Host to represent your website
- cd to /etc/apache2/sites-available
- Create a new virtual host file using the command sudo vi your_domain_or_subdomain_name.conf
<VirtualHost *:80>
ServerName your_domain_or_subdomain_name
ServerAlias www.your_domain_or_subdomain_name
ServerAdmin your_email_address
DocumentRoot /var/www/html/__public_folder_project_repo
<Directory /var/www/html/__home_folder_project_repo>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =your_domain_or_subdomain_name
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
- Enable apache2 rewrite module
sudo a2enmod rewrite
- Disable default virtual host configuration and enable your virtual host configuration
sudo a2dissite 000-default.conf
Site 000-default disabled.
To activate the new configuration, you need to run:
systemctl reload apache2
sudo a2ensite your_domain_or_subdomain_name.conf
Enabling site your_domain_or_subdomain_name.
To activate the new configuration, you need to run:
systemctl reload apache2
- Restart apache2 webserver and check /etc/apach2/sites-enabled
sudo systemctl restart apache2
sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-06-09 02:26:41 UTC; 26s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 91544 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 91558 (apache2)
Tasks: 6 (limit: 1136)
Memory: 13.6M
CGroup: /system.slice/apache2.service
├─91558 /usr/sbin/apache2 -k start
├─91559 /usr/sbin/apache2 -k start
├─91560 /usr/sbin/apache2 -k start
├─91561 /usr/sbin/apache2 -k start
├─91562 /usr/sbin/apache2 -k start
└─91563 /usr/sbin/apache2 -k start
Jun 09 02:26:40 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Starting The Apache HTTP Server...
Jun 09 02:26:41 ubuntu-s-1vcpu-1gb-sgp1-01 apachectl[91557]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive glob>
Jun 09 02:26:41 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Started The Apache HTTP Server.
ll /etc/apache2/sites-enabled/
total 8
drwxr-xr-x 2 root root 4096 Jun 9 02:20 ./
drwxr-xr-x 8 root root 4096 Jun 6 13:59 ../
lrwxrwxrwx 1 root root 39 Jun 9 02:20 geo.nestcode.co.conf -> ../sites-available/geo.nestcode.co.conf
Step 3: Getting SSL Certification from Let Encrypt
- Install two packages: certbot and python3-certbot-apache
sudo apt install certbot python3-certbot-apache
- Getting SSL certificate from Let Encrypt
sudo certbot --apache
During installation steps, you will be asked a few questions as below
- Email address (in case your SSL certificate expire or need renewal)
- Agreement on the term of services from Let Encrypt (Choose: A (Agree))
- Share email address to Electronic Frontier Foundation (Choose: N (NO))
- List of the available sites for apply HTTPS (Choose: E (Enter))
- Choose redirect of all requests from HTTP to HTTPS (Choose: 2 (Redirect All))
- YOU ARE READY NOW, you may now visit your site to check.
- Verify certbot auto-renewal
sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Wed 2021-06-09 06:17:24 UTC; 1h 23min ago
Trigger: Wed 2021-06-09 13:01:08 UTC; 5h 19min left
Triggers: ● certbot.service
Jun 09 06:17:24 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Started Run certbot twice daily.
sudo certbot renew --dry-run
Usually, the SSL certification issued by Let Encrypt will expire after 1 year therefore you have to renew the certification after it's expired. You also have another option to set up a cron service to renew it. THANK YOU!!