Let’s Encrypt is a Certificate Authority (CA) that helps you obtain and install free SSL/TLS certificates, providing secure HTTPS on servers that host web pages. It simplifies the process with a program called Certbot, which attempts to automate most (if not all) of the steps required to set up SSL on Apache on Ubuntu 22.04. Nowadays, if you buy an Ubuntu VPS server, you don’t need to know where and how to install SSL by hand on Apache, whichever version of Ubuntu you are running. The whole procedure of obtaining and installing a certificate has been completely automated for both Apache and Nginx.
In this article, we’ll use Certbot to install a Let’s Encrypt SSL certificate on Ubuntu 22.04 and make sure the certificate is configured to renew automatically.
This tutorial uses a separate virtual host file instead of Apache’s default configuration file to set up a website that is secured with Let’s Encrypt. It is recommended to create a new Apache virtual host file for every domain hosted on an Apache server, as this helps avoid common mistakes and preserves the default configuration files as a fallback setup.
Step 1: Installing Certbot
To install SSL on Ubuntu 22.04, you first need to install Certbot on your server. We will use the standard Ubuntu package repositories to do this.
First, update your local package index:
sudo apt update
You need two packages: certbot and python3-certbot-apache. The latter is a plug-in that integrates Certbot with Apache, which makes it possible to obtain an SSL certificate and configure HTTPS on your web server with a single command:
sudo apt install certbot python3-certbot-apache
You will be asked to confirm the installation by pressing Y and then Enter.
Certbot is now installed on your server. The next step is to check Apache’s configuration to confirm that your virtual host is set up correctly. This ensures that the Certbot client can detect your domains and reconfigure your web server to use your new SSL certificate automatically.
Step 2: Check your Apache Virtual Host Configuration
To configure SSL automatically, Certbot needs to find the correct virtual host in your Apache configuration files. It takes your server’s domain name(s) from the ServerName and ServerAlias directives in the VirtualHost configuration.
To confirm that this is set up, open the virtual host file for your domain using nano or any other text editor.
Use the following command, replacing your_domain appropriately:
sudo nano /etc/apache2/sites-available/your_domain.conf
Once you are in the editor, find ServerName and ServerAlias and set them to your domain name:
ServerName your_domain
ServerAlias www.your_domain
Once you are done, save the file, exit the text editor, and reload Apache with the following command:
sudo systemctl reload apache2
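The check from this step can also be scripted. The following is an added example, not part of the original tutorial and not Certbot's own parser: it lists the hostnames a virtual host file declares through ServerName and ServerAlias, and fails when no ServerName is set. The function names and the example.com sample are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: list the hostnames declared in an Apache virtual host file.
# It mirrors the ServerName/ServerAlias lookup described above; it is not
# Certbot's own parser.

# vhost_names FILE -> one lowercase hostname per line, in file order
vhost_names() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out directives
        {
            d = tolower($1)                      # directive names are case-insensitive
            if (d == "servername" || d == "serveralias")
                for (i = 2; i <= NF; i++)        # one ServerAlias line may carry several names
                    print tolower($i)
        }
    ' "$1" | awk '!seen[$0]++'                   # drop duplicates, keep order
}

# check_vhost FILE -> prints the names; returns 1 when no ServerName is set
check_vhost() {
    if ! grep -Eiq '^[[:space:]]*ServerName[[:space:]]+[^[:space:]]' "$1"; then
        echo "no ServerName in $1" >&2
        return 1
    fi
    vhost_names "$1"
}

# Constructed sample; example.com is a placeholder domain.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:80>
    # ServerName old.example.com
    ServerName example.com
    ServerAlias www.example.com Blog.Example.com
    DocumentRoot /var/www/example.com
</VirtualHost>
EOF
}

demo() {
    local tmp
    tmp=$(mktemp)
    sample_vhost > "$tmp"
    check_vhost "$tmp"
    rm -f "$tmp"
}
demo
```

On a live server, point check_vhost at /etc/apache2/sites-available/your_domain.conf, and run `sudo apache2ctl configtest` before reloading so a syntax error does not take the site down.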
Step 3: Allowing HTTPS Through the Firewall
If you have the UFW firewall enabled, you need to adjust its settings to permit HTTPS traffic. When Apache is installed, it registers a few UFW application profiles.
To see what type of traffic is currently allowed on your server, use the following command:
sudo ufw status
If the output does not show that Apache is allowed from anywhere, you need to make a small change.
To permit HTTPS traffic, allow the “Apache Full” profile:
sudo ufw allow 'Apache Full'
Remove the duplicate “Apache” profile:
sudo ufw delete allow 'Apache'
Check the status again with the following command:
sudo ufw status
It is now time to run Certbot and install SSL on Apache.
Step 4: Getting an SSL Certificate
Certbot offers a range of ways to obtain SSL certificates through different plugins. The Apache plugin takes care of reconfiguring Apache and reloading the configuration as needed. To use this plugin, run this command:
sudo certbot --apache
This command asks you a series of questions in order to configure your SSL certificate. It first requests a valid email address, which will be used for renewal notices and security notifications.
Once you have provided a valid email address, press Enter. You will then be asked to confirm that you agree to the terms of service. You can confirm by typing “Y” and pressing Enter.
Next, you’ll be asked whether you’d like to share your email address with the Electronic Frontier Foundation to receive announcements and other news. If you’re not interested in receiving their emails, type “N”. Otherwise, type “Y” and press Enter.
Next, Certbot will ask which domains you’d like HTTPS to be activated for. The listed domains are generated automatically by analyzing the Apache virtual host configuration, which is why it’s essential to have the right ServerName and ServerAlias settings in your virtual host. If you’d like to enable HTTPS for all the listed domains, leave the prompt blank and press Enter to move on. Otherwise, select the domains you’d like to enable HTTPS for by listing the appropriate numbers, separated by commas and/or spaces, then press Enter.
At this point, you will be shown the final details about the new certificate and the location of the files that have been generated.
Your certificate is now installed in Apache’s configuration. Reload your site using https:// and look for the security indicator in your browser. The indicator should tell you that your website is protected, usually with a lock symbol in the address bar.
You can use the SSL Labs Server Test to check the grade of your certificate and get more detailed information about it from the point of view of an outside service.
In the next step, you’ll test Certbot’s auto-renewal function to make sure that the certificate will renew automatically before its expiration date.
Step 5: Verifying Auto-Renewal
Certificates issued by Let’s Encrypt are valid for ninety days. This is meant to encourage users to automate their renewal procedure, and to make sure that certificates used for fraudulent purposes or stolen keys expire sooner rather than later.
The certbot package you have installed handles renewals by adding a renewal script to /etc/cron.d, which is managed by a systemctl service named certbot.timer. The script runs two times a day, and it will renew any certificate that is within 30 days of its expiration date.
To check the current status of this service and make sure it’s working, run the following command:
sudo systemctl status certbot.timer
To test the renewal process:
sudo certbot renew --dry-run
If you see no errors, you’re done. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automatic renewal process ever fails, Let’s Encrypt will send a message to the email address you specified, warning you that your certificate is about to expire.
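The dry run shows that renewal can work; it does not show that a deployed certificate is actually being renewed. The following added example, which is not part of the original tutorial, reports whether a certificate is inside the 30-day renewal window described above. The function names and the sample dates are constructed for illustration, and GNU date (the Ubuntu default) is assumed.

```bash
#!/usr/bin/env bash
# Added example: report whether a certificate is inside the 30-day renewal
# window described above. Assumes GNU date, the Ubuntu default.

RENEW_WINDOW_DAYS=30   # figure taken from the text above

# days_left ENDDATE_LINE [NOW_EPOCH] -> whole days until expiry (negative once expired)
# ENDDATE_LINE is what `openssl x509 -enddate -noout -in CERT` prints,
# e.g. "notAfter=Mar  1 12:00:00 2025 GMT".
days_left() {
    local end now diff
    end=$(date -u -d "${1#notAfter=}" +%s 2>/dev/null) || return 2   # unparsable date
    now=${2:-$(date -u +%s)}
    diff=$(( end - now ))
    # Shell division truncates toward zero; round down so "expired one second ago" is -1.
    if [ "$diff" -lt 0 ]; then
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# renewal_state ENDDATE_LINE [NOW_EPOCH] -> ok | due | expired | unparsable
renewal_state() {
    local d
    d=$(days_left "$@") || { echo unparsable; return 2; }
    if   [ "$d" -lt 0 ]; then echo expired
    elif [ "$d" -lt "$RENEW_WINDOW_DAYS" ]; then echo due   # certbot renew should act now
    else echo ok
    fi
}

# Constructed sample: a fixed expiry checked against three fixed "now" values
# (2025-01-01, 2025-02-10 and 2025-03-02, all 00:00 UTC).
SAMPLE='notAfter=Mar  1 12:00:00 2025 GMT'
for now in 1735689600 1739145600 1740873600; do
    echo "$(date -u -d "@$now" +%F): $(renewal_state "$SAMPLE" "$now")"
done
```

On a server, pass it the line printed by `sudo openssl x509 -enddate -noout -in /etc/letsencrypt/live/your_domain/cert.pem` (Certbot's default certificate location). A result of "due" that persists for more than a day means the timer is not renewing the certificate.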
Conclusion
When you buy an Ubuntu server and use it to host websites, you are going to need to install SSL on it. In this guide, we discussed how to install a Let’s Encrypt SSL certificate on Ubuntu 22.04. In addition, we put auto-renewal in place, so you don’t have to worry about the installed certificate expiring on its own!