How to Install Let’s Encrypt SSL Certificate in Apache on Debian 11

17

Let’s Encrypt is a certificates authority that gives unfastened SSL certificate for internet sites. It was once introduced in 2014 with the objective of all internet sites being safe and HTTP.

In addition to providing SSL certificate, it additionally is helping implementation and automated renewal of certificate. Let’s Encrypt is the arena’s biggest certificates authority, utilized by greater than 250 million internet sites.

When penning this submit, Let’s Encrypt helps the automated set up of certificate on Apache, Nginx, Plex, and Haproxy.

Here, we can see find out how to set up Let’s Encrypt SSL Certificate in Apache on Debian 11.

Prerequisites

Install Apache Webserver

I like to recommend you put in the Apache webserver to your machine sooner than you continue additional.

READ: How to Install LAMP Stack on Debian 11

OR

Use the apt command to put in the Apache webserver.

sudo apt replace

sudo apt set up -y apache2

Enable Modules

Use the under command to allow SSL and rewrite modules.

sudo a2enmod ssl rewrite

Create Virtualhost

First, we can want to create an Apache digital host to serve the HTTP model of your web page.

sudo nano /and so forth/apache2/sites-available/www.holhol24.internet.conf

Use the under configuration on your web page. Do take into accout to switch the values according to your requirement. If you don’t use the www subdomain, you’ll be able to take away the ServerAlias.



   ServerName holhol24.internet
   ServerAlias www.holhol24.internet
   ServerAdmin admin@holhol24.internet
   DocumentRoot /var/www/html/www.holhol24.internet


   ErrorLog ${APACHE_LOG_DIR}/www.holhol24.net_error.log
   CustomLog ${APACHE_LOG_DIR}/www.holhol24.net_access.log blended


   /var/www/html/www.holhol24.internet>
      Options FollowSymlinks
      AllowOverride All
      Require all granted
   

Once you may have created the digital host configuration record, allow the website.

sudo a2ensite www.holhol24.internet

Next, create a root listing to carry your web page’s information.

sudo mkdir -p /var/www/html/www.holhol24.internet/

Then, trade the possession and staff of the listing.

sudo chown -R www-data:www-data /var/www/html/www.holhol24.internet/

Finally, position the check HTML record at the record root of the web page.

echo "This is a test site @ www.holhol24.net" | sudo tee /var/www/html/www.holhol24.internet/index.html

Restart the Apache carrier to re-read the configurations.

sudo systemctl reload apache2

Create / Update DNS Record

To generate a Let’s Encrypt SSL certificates, it is very important level your area in your server IP. So, move in your area registrar and create an A/CNAME file on your area. For instance, the under symbol presentations the A/CNAME file for the area www.holhol24.internet.

NOTE: After making adjustments within the DNS file, it is very important look ahead to a couple of mins to hours relies on the TTL you place for the DNS file.

DNS Records

Install Let’s Encrypt SSL Certificate in Apache

Install Certbot

The Certbot ACME shopper handles the certificates issuance and set up without a downtime. It is out there as a snap bundle for Debian working machine. So, first, set up the Snapd bundle.

sudo apt replace

sudo apt set up -y snapd

Then, replace the snapd to the newest model.

sudo snap set up core; sudo snap refresh core

Finally, set up the Certbot shopper the use of the snap command and hyperlink it so as to invoke the certbot command from any place irrespective of the present running listing.

sudo snap set up --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install Let’s Encrypt Certificate

Use the certbot command to create a Let’s Encrypt certificates and configure Apache to make use of the certificates.

sudo certbot --apache

You will want to apply the interactive urged and set up the certificates. Since I’ve created a digital host for each holhol24.internet and www.holhol24.internet, I can additionally want to set up SSL certificate for each domain names. Then, I can redirect the entire site visitors to www.holhol24.internet by way of rewrite laws.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter e-mail cope with (used for pressing renewal and safety notices)
 (Enter 'c' to cancel): admin@holhol24.native 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please learn the Terms of Service at
https://letsencrypt.org/paperwork/LE-SA-v1.2-November-15-2017.pdf. You should
agree with the intention to check in with the ACME server. Do you settle?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y  

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be prepared, as soon as your first certificates is effectively issued, to
percentage your e-mail cope with with the Electronic Frontier Foundation, a founding
spouse of the Let's Encrypt mission and the non-profit group that
develops Certbot? We'd love to ship you e-mail about our paintings encrypting the internet,
EFF information, campaigns, and tactics to give a boost to virtual freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N 
Account registered.

Which names do you want to turn on HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: holhol24.internet
2: www.holhol24.internet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the fitting numbers separated by means of commas and/or areas, or depart enter
clean to choose all choices proven (Enter 'c' to cancel): 1,2 
Requesting a certificates for holhol24.internet and www.holhol24.internet

Successfully gained certificates.
Certificate is stored at: /and so forth/letsencrypt/are living/holhol24.internet/fullchain.pem
Key is stored at:         /and so forth/letsencrypt/are living/holhol24.internet/privkey.pem
This certificates expires on 2022-01-21.
These information shall be up to date when the certificates renews.
Certbot has arrange a scheduled job to robotically renew this certificates within the background.

Deploying certificates
Successfully deployed certificates for holhol24.internet to /and so forth/apache2/sites-available/www.holhol24.net-le-ssl.conf
Successfully deployed certificates for www.holhol24.internet to /and so forth/apache2/sites-available/www.holhol24.net-le-ssl.conf
Congratulations! You have effectively enabled HTTPS on https://holhol24.internet and https://www.holhol24.internet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you favor Certbot, please believe supporting our paintings by means of:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Once you turn on HTTPS on your area, the Certbot shopper will position important rewrite laws to redirect site visitors from HTTP to the HTTPS website.

In my case, it has positioned two laws for under redirections.

  1. http://holhol24.internet >> https://holhol24.internet
  2. http://www.holhol24.internet >> https://www.holhol24.internet

As you’ll be able to see, the primary redirection isn’t reached to the www HTTPS model of the area. So, chances are you’ll want to apply the under segment to set it up.

Redirect non-www HTTP requests to www HTTPS with Apache

You might need to configure the Apache webserver to redirect the site visitors from the non-www HTTP website to the WWW HTTPS website, I.e., http://holhol24.internet >> https://www.holhol24.internet.

Edit the Let’s Encrypt SSL digital host record (no longer your unique digital host record).

sudo nano /and so forth/apache2/sites-available/www.holhol24.net-le-ssl.conf

Add the under laws sooner than the . Change the area identify as in line with your requirement.

    # Redirect NON-WWW HTTP to WWW HTTPS
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =holhol24.internet
    RewriteRule ^ https://www.holhol24.internet%{REQUEST_URI} [END,NE,R=permanent]1,L]

Then, restart the Apache carrier.

sudo systemctl restart apache2

Verify Let’s Encrypt Certificate

You can check the Let’s Encrypt certificates by means of visiting your web page.

http://your-http-web-site

OR

https://your-https-web-site

You will have to get the HTTPS model of your website now.

Let’s Encrypt SSL Certificate with Apache on Debian 11
Let’s Encrypt SSL Certificate with Apache on Debian 11

Test SSL Certificate

Test your Let’s Encrypt SSL certificates for any problems and its safety rankings by means of going to the under URL.

https://www.ssllabs.com/ssltest/analyze.html?d=www.holhol24.internet

Renew Let’s Encrypt Certificate

As , Let’s Encrypt certificate have a validity of 90 days, and you have got to make sure they’re renewed on time. The renewal procedure is now automatic and because of the systemd carrier supplied by means of the Certbot shopper. So, you wouldn’t have to resume them manually.

However, it is suggested to check certificates renewals by means of simulating the automated renewal of SSL certificate by means of working the under command.

sudo certbot renew --dry-run

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /and so forth/letsencrypt/renewal/holhol24.internet.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an present certificates for holhol24.internet and www.holhol24.internet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /and so forth/letsencrypt/are living/holhol24.internet/fullchain.pem (luck)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If the output confirms that the check renewal is a success, the automated renewal will occur as anticipated.

Conclusion

That’s All. I am hoping you discovered find out how to Install Let’s Encrypt SSL Certificate in Apache on Debian 11.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More