Installing a certificate using LetsEncrypt on an Ubuntu server with Apache (New version 2022-08-15)

Running webservers on own hardware

I develop a lot of websites, and I run them on my own hardware (an Ubuntu Server).

When developing (on a desktop or laptop), I normally run them using the included web server (like Python Flask's built-in one).

When deploying to a real webserver, Apache or Nginx is the most common target. This article only deals with Apache.

The old insecure way

Back in the non-https-days (the bad, insecure, days!) I did this:

For example, I run the RoR server using

rails s -b 0.0.0.0 -p 1234

where 1234 is a chosen port on that server.

I then forward this port from my ADSL router like

incoming: 3839 is rerouted to my Ubuntu server port 1234

Being a longtime user of DynDNS, I then set up a hostname there (I have a max of 30 or so available), like

mylittleexample.dnsalias.com

and point it to the external IP of my ADSL router. There are lots of choices to keep this information updated in case the IP would change for some reason.

The downside of this solution is that every RoR-service has to have its own port, and I have to forward an incoming exclusive port to that Ubuntu port. Cumbersome but easy.

A better way, Apache Virtual Hosts

Using Apache and VirtualHosts is harder to set up, but will save work in the long run. See Adding a new Virtual Host under Apache for a description of how to do that.

Adding a LetsEncrypt certificate

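Go to https://certbot.eff.org/ and follow the detailed instructions on how to install certbot:

sudo apt-get update
# python3-certbot-apache provides the plugin that "certbot --apache" needs
sudo apt-get install certbot python3-certbot-apache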

Then run

sudo certbot --apache

Certbot is really easy to use, as long as you have at least one website responding on port 80. Certbot will update your Virtual Hosts, and all you need to do is reload/restart Apache.

<VirtualHost *:443>
  ServerAdmin webmaster@localhost
  ServerName mylittleexample.dnsalias.com

  # These two work together
  DocumentRoot /var/www/mylittleexamplednsaliascom
  <Directory /var/www/mylittleexamplednsaliascom>
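    # Indexes turns on directory listings when a directory has no index file;
    # remove it if the contents should not be browsable
    Options Indexes FollowSymLinks MultiViews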
    AllowOverride all
    Require all granted
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/myserver_error.log
  CustomLog ${APACHE_LOG_DIR}/myserver_access.log combined

  # This part is added by certbot!
  SSLCertificateFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/privkey.pem

  Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
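
As an added example (not part of the original article and not certbot's own code), the following Python check reads a vhost block like the one above and reports anything that looks off after certbot has edited it. The function names and the embedded sample are constructed for illustration, and the checks assume the live/<name>/fullchain.pem and privkey.pem layout shown above.

```python
import re

# Constructed sample: the security-relevant directives from the vhost above.
SAMPLE_VHOST = """\
<VirtualHost *:443>
  ServerName mylittleexample.dnsalias.com
  <Directory /var/www/mylittleexamplednsaliascom>
    Options Indexes FollowSymLinks MultiViews
  </Directory>
  SSLCertificateFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mylittleexample.dnsalias.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
"""
LIVE = re.compile(r"^/etc/letsencrypt/live/([^/]+)/(fullchain|privkey)\.pem$")

def directives(conf):
    """Flatten a vhost block into {lowercased directive name: [values]}."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if line and line[0] not in "#<":  # skip blanks, comments, section tags
            name, *rest = line.split(None, 1)
            found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit_vhost(conf):
    """Return a list of findings; an empty list means nothing to report."""
    d, findings, lineages = directives(conf), [], set()
    name = (d.get("servername") or [""])[0]
    for key, want in (("sslcertificatefile", "fullchain"), ("sslcertificatekeyfile", "privkey")):
        m = LIVE.match((d.get(key) or [""])[0])
        if m and m.group(2) == want:
            lineages.add(m.group(1))  # directory name under live/
        else:
            findings.append(f"{key}: expected live/<name>/{want}.pem")
    if len(lineages) > 1:
        findings.append("certificate and key come from different lineages")
    elif name and lineages and name not in lineages:
        findings.append(f"lineage is not named after {name}; confirm the cert covers it")
    if not any(v.endswith("options-ssl-apache.conf") for v in d.get("include", [])):
        findings.append("options-ssl-apache.conf is not included")
    if any(t.lstrip("+") == "Indexes" for v in d.get("options", []) for t in v.split()):
        findings.append("Options Indexes: directory listings are enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_vhost(SAMPLE_VHOST):
        print("-", finding)
```

To check a real site, pass the text of a single <VirtualHost> block from the site's file under /etc/apache2/sites-available/ instead of the sample.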
