certbot (apache) - Serbipunk/notes GitHub Wiki

ChatGPT's answer

To turn an HTTP site hosted on Apache/Ubuntu into HTTPS, you need to obtain an SSL/TLS certificate and configure your Apache server to use it. Here's a general guide to achieve this, using Let's Encrypt as a free certificate provider through Certbot, which automates most of the process:

Step 1: Install Certbot Certbot is a free, open-source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS. Install Certbot and its Apache plugin with:

sudo apt update
sudo apt install certbot python3-certbot-apache

Step 2: Obtain a Let's Encrypt Certificate Run Certbot with the Apache plugin to automatically obtain and install a certificate:

sudo certbot --apache

Certbot will ask for information during the process, such as the email address for important account notifications, agreeing to the Terms of Service, and which domains you'd like to activate HTTPS for.

Step 3: Verify Certbot Auto-Renewal Let's Encrypt certificates are valid for 90 days. Certbot should automatically set up a cron job or systemd timer to renew certificates before they expire. You can test automatic renewal with:

sudo certbot renew --dry-run

Step 4: Adjust Apache Configuration (if necessary) Certbot typically adjusts your Apache configuration as needed during the certificate installation process. However, you may want to manually inspect or adjust the configuration. HTTPS configurations are typically found in files under /etc/apache2/sites-available/. Ensure you have directives to redirect HTTP traffic to HTTPS, such as:

<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName yourdomain.com

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile      /path/to/your/fullchain.pem
    SSLCertificateKeyFile   /path/to/your/privkey.pem
    # Include other configurations below
</VirtualHost>

Replace yourdomain.com with your actual domain name and adjust the paths to your certificate files as necessary (Certbot usually takes care of this).

Step 5: Test HTTPS Configuration After installing the certificate and configuring Apache, test your configuration:

Restart Apache:

sudo systemctl restart apache2

Use a browser to navigate to your site with https:// and verify that the connection is secure.

Optionally, use online tools like SSL Labs' SSL Test to analyze the quality of your server's SSL/TLS configuration.

By following these steps, you should be able to secure your Apache-hosted site on Ubuntu with HTTPS.