How to install an SSL Certificate with certbot on Ubuntu and Apache

SSL Certificates are an essential part of any website or web application, and are vital for protecting the privacy and security of your users.

They encrypt the data sent between a web server and a browser, securing data against interception, and verifying the website's identity to ensure that it is legitimate.

Fortunately, you can easily install a Let's Encrypt certificate for free on your server thanks to their certbot script. Before we begin, be sure to have your DNS set up properly.

In our case, we are going to set this up for the following domains:

• https://example.ca

• https://www.example.ca

The Certbot script runs off of the snapd bundle manager. This bundle manager is already pre-installed with Ubuntu 18.04 and above. If you are not sure if it is, it's always good to double check:

First, let's make sure our package manager is up to date.

sudo apt update

Now, we check if snapd is already installed and install it if it hasn't already been.

sudo apt install snapd

After installing snapd, we update it to the latest version and restart it.

sudo snap install core sudo snap refresh core

Now, we can install certbot.

sudo snap install --classic certbot

Prepare the certbot command, so it can be ran from the command line.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Finally, we run de certbot command to start the script and follow the instructions on screen.

sudo certbot --apache

On the first activation of Certbot, it will ask you to register an email address with this installation. They use this email to send any urgent messages concerning your certificate.

sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@example.ca

It will ask you to read the Terms of Service and agree in order to continue.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y

The next prompt is for promotional emails, and it is up to you.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y

Finally, we want to activate both names, so we're just going to press ENTER.

Which names would you like to activate HTTPS for? We recommend selecting either all domains, or all domains in a VirtualHost/server block. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: example.ca 2: www.example.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):

There we go, if there is no connection error and your DNS is pointing to the correct server for the domains. The SSL Certificate activation should go as planned.

Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.ca/fullchain.pem Key is saved at: /etc/letsencrypt/live/example.ca/privkey.pem This certificate expires on 2023-03-12. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for example.ca to /etc/apache2/sites-available/000-default-le-ssl.conf Successfully deployed certificate for www.example.ca to /etc/apache2/sites-available/000-default-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://example.ca and https://www.example.ca - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

A redirect from HTTP to HTTPS is also added into the Apache configuration files for the webserver. You can now visit your website to confirm that everything is working and secured.