Configuring a new SSL/TLS domain on Apache2
The very easy way.
With Let's Encrypt certificates
How to set up SSL/TLS on Apache for securing web communication. Let’s Encrypt certificate generation.
What do we want:
Starting from scratch, we want example.com to be reachable over HTTPS (HTTP over TLS).
Apache2 vhost
In /etc/apache2/sites-available/ copy the default one into example.com.conf
$ cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf
Now open example.com.conf and add "ServerName example.com" under "DocumentRoot ... "
Make sure ssl is enabled in Apache with:
$ a2enmod ssl
Now restart apache2:
$ systemctl restart apache2
You can go to http://example.com to check if it’s working. You should see the standard Apache2 Ubuntu Default Page.
Let's Encrypt CertBot
Go to https://certbot.eff.org/ and select your configuration.
For Ubuntu the commands needed are:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
Certificate Generation (RSA 4096bit)
If you want a simple RSA certificate without further security options go straight with:
$ certbot run -d example.com --apache --rsa-key-size 4096 --redirect
If you also want OCSP stapling, use this command instead:
$ certbot run -d example.com --apache --rsa-key-size 4096 --redirect \
  --must-staple --uir --staple-ocsp
The --redirect option automatically configures Apache to redirect users from HTTP to HTTPS. At the end, certbot has created and activated a new virtual host for the HTTPS domain, called example.com-le-ssl.conf
Restart apache2 one last time.
DONE!
Now you can go to http://example.com and apache will redirect you to the https version.
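A certificate issued with --must-staple is rejected by clients that enforce the extension whenever Apache does not serve a valid stapled OCSP response, so it is worth checking both after the restart. The script below is an added example, not part of the original post: it classifies the text output of openssl s_client -status and openssl x509 -text. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify OCSP stapling state.
# Live input (assumed invocations against your own host):
#   status=$(openssl s_client -connect example.com:443 -servername example.com -status </dev/null 2>/dev/null)
#   cert=$(printf '%s\n' "$status" | openssl x509 -noout -text)

# Reads `openssl x509 -text` output on stdin; true if OCSP Must-Staple is set.
# Newer OpenSSL prints "TLS Feature", older builds print the raw OID.
has_must_staple() {
    grep -Eq 'TLS Feature|1\.3\.6\.1\.5\.5\.7\.1\.24'
}

# Reads `openssl s_client -status` output on stdin; prints good | none | bad.
staple_state() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo none
    elif printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful' &&
         printf '%s\n' "$out" | grep -q 'Cert Status: good'; then
        echo good
    else
        echo bad   # empty output, failed handshake, revoked or unknown status
    fi
}

# verdict CERT_TEXT STATUS_TEXT: combine both checks into one line.
verdict() {
    state=$(printf '%s\n' "$2" | staple_state)
    if printf '%s\n' "$1" | has_must_staple; then
        if [ "$state" = good ]; then
            echo "ok: must-staple certificate, valid staple served"
        else
            echo "FAIL: must-staple certificate but staple is '$state'"
        fi
    else
        echo "info: no must-staple extension, staple is '$state'"
    fi
}

# Constructed sample output (trimmed), not captured from a real server.
SAMPLE_CERT_STAPLE='            TLS Feature:
                status_request'
SAMPLE_STATUS_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: good'
SAMPLE_STATUS_NONE='OCSP response: no response sent'

verdict "$SAMPLE_CERT_STAPLE" "$SAMPLE_STATUS_GOOD"
verdict "$SAMPLE_CERT_STAPLE" "$SAMPLE_STATUS_NONE"
```

Apache may answer the first handshakes after a restart without a staple while it fetches the OCSP response, so repeat the live check before treating "none" as a failure.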
Please feel free to make any comment! If anything is unclear, just write in the comments and I will update the post! Thanks for reading!