Installing a certificate using Let's Encrypt on an Ubuntu server with Apache (New version 2022-08-15)
Running webservers on own hardware
I develop a lot of websites, and I run them on my own hardware (an Ubuntu server).
When developing (on a desktop or laptop), I normally run them using the included web server (like Python Flask's built-in one).
When deploying to a real webserver, Apache or Nginx is the most common target. This article only deals with Apache.
The old insecure way
Back in the non-https-days (the bad, insecure, days!) I did this:
For example, I run the RoR server using
rails s -b 0.0.0.0 -p 1234
where 1234 is a chosen port on that server.
I then forward this port from my ADSL router like
incoming: 3839 is rerouted to my Ubuntu server port 1234
Being a longtime user of DynDNS, I then set up a hostname there (I have a max of 30 or so available), like
mylittleexample.dnsalias.com
and point it to the external IP of my ADSL router. There are lots of choices to keep this information updated in case the IP would change for some reason.
The downside of this solution is that every RoR-service has to have its own port, and I have to forward an incoming exclusive port to that Ubuntu port. Cumbersome but easy.
A better way, Apache Virtual Hosts
Using Apache and VirtualHosts is harder to set up, but will save work in the long run. See Adding a new Virtual Host under Apache for a description of how to do that.
Adding a LetsEncrypt certificate
Go to https://certbot.eff.org/ and follow the detailed instructions on how to install certbot:
sudo apt-get update
sudo apt-get install certbot python3-certbot-apache
Then run
sudo certbot --apache
Certbot is really easy to use, as long as you have at least one website responding on port 80. Certbot will update your Virtual Hosts and all you need is to reload/restart Apache.
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName mylittleexample.dnsalias.com

    # These two work together
    DocumentRoot /var/www/mylittleexamplednsaliascom
    <Directory /var/www/mylittleexamplednsaliascom>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/myserver_error.log
    CustomLog ${APACHE_LOG_DIR}/myserver_access.log combined

    # This part is added by certbot!
    SSLCertificateFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
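A quick check to run over the resulting config, as an added example that is not part of the original article: it flags *:443 vhosts whose certificate or key is missing, points at a /etc/letsencrypt/live/ directory that does not match ServerName, or uses a file other than fullchain.pem. The function names audit_vhost and sample_conf and the two .example.test hostnames are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit each *:443 <VirtualHost>.
# Prints "OK <ServerName>" or "WARN <ServerName> <reason>" per HTTPS vhost.
audit_vhost() {
    awk '
    function report(   live) {
        if (port != "443") return
        live = "/etc/letsencrypt/live/" name "/"
        if (cert == "" || key == "")
            print "WARN", name, "missing-cert-or-key"
        else if (index(cert, live) != 1 || index(key, live) != 1)
            print "WARN", name, "lineage-does-not-match-servername"
        else if (cert !~ /\/fullchain\.pem$/)
            print "WARN", name, "cert-without-chain"
        else print "OK", name
    }
    { d = tolower($1) }                    # directive names are case-insensitive
    d ~ /^<virtualhost/ {
        addr = $2; sub(/>.*$/, "", addr)   # "*:443>" -> "*:443"
        n = split(addr, part, ":"); port = part[n]
        name = "(no ServerName)"; cert = ""; key = ""
    }
    d == "servername"            { name = $2 }
    d == "sslcertificatefile"    { cert = $2 }
    d == "sslcertificatekeyfile" { key  = $2 }
    d == "</virtualhost>"        { report(); port = "" }
    ' "$@"
}
# Constructed sample: the page vhost plus two deliberately misconfigured ones.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName mylittleexample.dnsalias.com
    SSLCertificateFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName other.example.test
    SSLCertificateFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName chain.example.test
    SSLCertificateFile /etc/letsencrypt/live/chain.example.test/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/chain.example.test/privkey.pem
</VirtualHost>
EOF
}
sample_conf | audit_vhost
```

On a real server the function takes file names, for instance audit_vhost /etc/apache2/sites-enabled/*.conf (assuming the default Ubuntu Apache layout). A lineage warning is only a prompt to look: one certbot certificate can cover several hostnames, in which case the live directory is named after just one of them.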