Today, we are installing certbot on Debian 11 with Apache2 (Apache/2.4.54 (Debian). This article assumes you have Apache installed. If not, see How To Install LAMP (Linux, Apache, MySql-Maria, PHP) On Debian 11.
Here are some great sources: https://certbot.eff.org/instructions
The recommended way is to use snappy.
$ sudo apt update
Then install the snapd package:
$ sudo apt install snapd
$ sudo snap install core
$ sudo snap refresh core
Install the certbot snap with the following command.
$ sudo snap install --classic certbot
This installation process will install the certbot executable in the /snap/bin/ directory. Create a symbolic link to this file in the /usr/bin/ directory to ensure that you can run the certbot command anywhere on your system:
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Certbot is now ready to use, but in order for it to configure SSL for Apache, you need to verify that Apache has been configured correctly.
Setting Up the SSL Certificate
Open the virtual host file for your domain using nano or your favorite text editor:
$ sudo nano /etc/apache2/sites-available/yoursite.conf
Find the existing ServerName line.
/etc/apache2/sites-available/yoursite.conf ... ServerName yoursite.com; ...
Next, verify the syntax of your configuration edits:
$ sudo apache2ctl configtest
Output. You can ignore the warning message. Look for “Syntax OK”.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK
Certbot can now find the correct VirtualHost block and update it.
Getting and Installing an SSL Certificate
Note: Make sure that the A record for the DNS is pointing to the server so Certbot can match the IP with the domain.
Certbot provides ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration. To use this plugin, run the following:
$ sudo certbot --apache -d yoursite.com -d www.yoursite.com
This runs certbot with the –apache plugin, using -d to specify the names for which you’d like the certificate to be valid.
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): user@domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: n Account registered. Requesting a certificate for yoursite.com and www.yoursite.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/yoursite.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/yoursite.com/privkey.pem This certificate expires on 2023-01-25. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf Successfully deployed certificate for www.ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://yoursite.com and https://www.yoursite.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To check you can look at the site’s apache configuration file.
Note above…
Successfully deployed certificate for ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf
Successfully deployed certificate for www.ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf
Now you should reload the site and see the new ssl cert in action. You can also check the ssl at https://www.sslshopper.com/ssl-checker.html
If you need assistance, please contact our support at Geekdecoder IT Support.
1 thought on “Set up Let’s Encrypt on Debian 11 with Apache Server”