Configuring a new SSL/TLS domain on Apache2

The very easy way.

With Let's Encrypt certificates

How to set up SSL/TLS on Apache for securing web communication. Let’s Encrypt certificate generation.

What do we want:

We want to be able to reach under HTTPS protocol on TLS from scratch.

Apache2 vhost

In /etc/apache2/sites-available/ copy the default one into

$ cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/

Now open and add "ServerName" under "DocumentRoot ... "

Make sure ssl is enabled in Apache with:

$ a2enmod ssl

Now restart apache2:

$ systemctl restart apache2

You can go to to check if it’s working. You should see the standart Apache2 Ubuntu Default Page.

Let's Encrypt CertBot

Go to end select your configuration.

For Ubuntu the commands needed are:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Certificate Generation (RSA 4096bit)

If you want a simple RSA certificate without further security options go straight with:

$ certbot run -d --apache --rsa-key-size 4096 --redirect

If you want also OCSP Stapling then go with this command:

$ certbot run -d --apache --rsa-key-size 4096 --redirect
                    --must-staple --uir --staple-ocsp

The –redirect will automatically configure apache to redirect users from HTTP to HTTPS. At the end, certbot has created and acrivated a new virtual host for the https domain called

Restart apache2 the last time.


Now you can go to and apache will redirect you to the https version.

Please feel free to make any comment! If anything is unclear, just write in the comment and I will update the post!Thanks for reading!