Install Free SSL Certificate on Apache Server Ubuntu 22.04

How to Install Free SSL on Apache Ubuntu 22.04

Every website needs a SSL certificate. It is important for the security of your website and visitors’ data and it is also important in terms of SEO. If you are running a website on an Apache server or planning to run one, you can easily install a free ssl from Let’sEncrypt on your server for each website you have hosted on it.

Here are the main steps to be completed when you want to install a free ssl by Let’s Encrypt on Apache server:

• Get a Virtual Machine

• Install Apache Web Server

• Upload website files

• Create a vhosts file for your website

• Install Certbot

• Install a free ssl certificate on the website

You can start by creating an EC2 instance and then installing Apache server on it. Apache is among the most popular web servers powering the highest number of websites. It is a highly flexible and modular server where you can use modules to extend the server’s functionality. Modules like deflate, expires, headers, rewrite etc allow you to create redirects, speed up and secure your web server and websites.

Once you have installed the Apache server and all the necessary dependencies required to run your website like php and mysql if you need, you can upload website files to the server. However, to bring your website online and serve it from its domain name, you will need to create a vhosts file. Create the vhosts file which is also essential to applying ssl. Now, you can install and run certbot to get a free ssl for your website.

Create EC2 VM Instance

Creating an EC2 VM Instance to host a website is very easy and you need to go to the AWS console and then to the EC2 dashboard. Click on create new instance and then provide a name for your new instance. Select Ubuntu for the Amazon Machine Image and then select the right instance size according to your need.

We are going to use a t2.micro instance for our use. Create a new key pair or use an existing one and then you can create a new security group to allow SSH access from your ip and http and https traffic from the internet. Configure storage according to your need and then click on create instance. In a few minutes, the VM instance will be up and running. Now, we can move on to the next step to install Apache server on the instance.

Install Apache Server

Apache web server is a widely used server for running web applications. It offers a large collection of modules to extend the server functionality and make it secure. To install Apache server on your VM instance, SSH to your instance and run the following command:

Sudo apt update -y
Sudo apt install apache2 -y

That’s all. You will have the Apache server installed on your VM instance within a minute. To check if the server is active and running, you will need to run the following command:

Sudo systemctl status apache2

If you receive an output like the following it means that the Apache server is active and running on your instance:

apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2024-04-14 21:32:07 UTC; 1 week 0 days ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 186445 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
   Main PID: 71814 (apache2)
      Tasks: 11 (limit: 2263)
     Memory: 222.6M
        CPU: 33min 15.206s
     CGroup: /system.slice/apache2.service
             ├─ 71814 /usr/sbin/apache2 -k start
             ├─186454 /usr/sbin/apache2 -k start
             ├─186455 /usr/sbin/apache2 -k start
             ├─186460 /usr/sbin/apache2 -k start
             ├─187533 /usr/sbin/apache2 -k start
             ├─190565 /usr/sbin/apache2 -k start
             ├─190570 /usr/sbin/apache2 -k start

You can also start your Apache server with the following command:

sudo systemctl restart apache2

Reload apache server

sudo systemctl reload apache2

Stop Apache server:

sudo systemctl stop apache2

Allow Apache through the firewall:

We are going to install ssl on our server, so we will need to allow https through the firewall:

sudo ufw allow ‘Apache Full’

Now, we will move on to the next step. If you check out your server’s public ip in the browser, you will see the default Apache page loading.

Upload website files

Create an index.html file on your server inside the root folder.

Suppose you want to run your website from the root folder public_html, we will first need to create this folder and assign ownership to make it writable:

sudo mkdir /var/www/html/public_html
sudo chown -R $USER:$USER /var/www/html/public_html
sudo chmod 755 /var/www/html/public_html

Now, you can add an index.html file to your root folder. Change directory to the root folder:

cd /var/www/html/public_html

Now, add an index.html file to the root folder:

sudo nano index.html

Add the following content to this file and close it.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>my new site</title>
</head>
<body>
    <h1>Welcome to my website!</h1>
    <p>This is my website..</p>
</body>
</html>

Create a Vhosts file

Before, we can connect to the website, using the domain name, we will need to make a few changes. The first step to bringing the site online is to create a virtual hosts file. Copy the contents of the default virtual hosts file and then make the necessary changes.

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/domain.conf

Replace domain with your real domain name and then make the necessary changes inside the new Vhosts file.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        ServerName example.com
        ServerAlias www.example.com

        DocumentRoot /var/www/html/public_html
        
<Directory /var/www/html/public_html/>
            AllowOverride All
          </Directory>

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

After you have made the necessary changes, your Vhosts file will look like the above. Save and close the file. Now, apply the DNS changes. Copy your server’s public ip and add A records inside your DNS account.

To bring the site online, run the following command:

sudo a2ensite domain.conf

Reload apache web server:

sudo systemctl reload apache2

Your website will be accessible via your domain name now, but you might receive an ssl error. So, let’s move on to applying SSL certificate.

Install Certbot

To install free SSL from Let’sEncrypt on your new website, you will first need to install certbot on your web server. Run the following command and it will install the certbot:

sudo apt install certbot python3-certbot-apache

Run Certbot and Install Free SSL

Once the certbot installation is complete, you can run the final SSL installation. You need to make sure that you have created the required Vhosts file and applied DNS changes before applying for the SSL. It is important that you have made the DNS changes to complete the acme challenge.

Run the following command, if you have created all the previous steps:

sudo certbot --apache

Apache server will offer a numbered list of all the websites on your server. Select the right number from the list and then hit enter. Provide your email address and confirm the terms and conditions. In a few seconds, the SSL certificate will be deployed and the certbot will have made all the necessary changes inside your Vhosts file as well.