How To Secure Apache with Let's Encrypt on Ubuntu

A Step-by-Step Guide to Bolstering Apache Security. Let's Encrypt on Ubuntu! Unlock the Secrets to a Safer Online Experience in Just a Few Clicks.

This post will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu server running Apache as a web server.

Introduction about SSL

SSL stands for Secure Socket Layer. SSL is a protocol used for sending confidential data over the Internet. SSL creates a secure connection between a web browser and the server. In this process, SSL uses encryption to keep the data private.

Advantages of SSL

Encrypts Information. SSL certificate ensures the data you send online are read by only the intended recipient and none else.
• SSL makes some changes in the original data so that the data can’t be read by the third parties.
• Having SSL certificate ensures authentication.
• Secure against phishing attacks.
• Better search engine rankings.

Install SSL certificate using Let’s Encrypt


Ubuntu server with a non-root sudo user.
• The Apache web server installed and domain name properly configured.
• Your domain mapped with server IP.

Step 1 — Install the Let’s Encrypt Client

The first step to Let’s Encrypt SSL certificate is to install the certbot software on your server.

sudo add-apt-repository ppa:certbot/certbot

You will need to press ENTER to accept. Then update the package list using following command

sudo apt-get update

Install Certbot SSL using following command.

sudo apt-get install python-certbot-apache

Step 2 — Set Up the SSL Certificate

Following command is automatically install a new SSL certificate on apache server that is valid for only 3 months. A single certificate that is valid for multiple domains or subdomains. Execute following command.

sudo certbot --apache -d

If you can execute above command then it will ask some basic information like email, agree terms & service and enabling both http and https access. After install certificate, automatically changed apache configuration file as required.
When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live.

Step 3 — Auto Renewal SSL Certificate

Let’s Encrypt’s certificates is valid for 3 months. Following command is to check for expiring certificates and renew them automatically.

sudo crontab -e

After execute above command, Your text editor will open the default crontab which is a text file with some help text in it.
Paste in the following line at the end of the file, then save and close it:

15 3 * * * /usr/bin/certbot renew --quiet

Now your domain is ready with SSL Certificate.

Amit K

    Amit Kansagara is a seasoned ERP solution expert with over 15 years of experience in multiple industries. He has spent more than a decade in Australia, Malaysia, and the United States providing custom software solutions. He specializes in automation, enabling firms to focus on key activities through the use of effective ERP systems. He currently works as an ERP Consultant and specializes in designing and implementing solutions for large-scale organizations, with a focus on RFID-based inventory systems, AI integration, and process automation. Amit is committed to assisting enterprises in optimizing their operations and achieving long-term success through innovative technological solutions.

Schedule Consultation with Amit   S​​​​chedule Now

in Odoo