Click Below to subscribe

How to Install SSL on Apache2 Ubuntu Web Server

In this article, we gonna learn, how to install SSL on apache2 web server.

Ubuntu Version:- 20.04

Domain:- ultmateakash.tech

1. Create record on DNS records that points to your server.

2. Log into your server via SSH.

ssh root@your_server_ip

3. Update apt and install apache2.

sudo apt update
sudo apt install apache2

4. Enable firewall.

Check firewall status.

sudo ufw status
root@ultimateakash:~# sudo ufw status
Status: inactive

If firewall's status is inactive, activate it by hitting the below command.

sudo ufw enable
root@ultimateakash:~# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

5. Update ufw application profiles.

List the ufw application profiles.

sudo ufw app list
root@ultimateakash:~# sudo ufw app list
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH

These apache profiles were added during apache2 installation.

Allow Apache Full and OpenSSH profiles.

sudo ufw allow 'Apache Full'
sudo ufw allow OpenSSH

Check ufw status.

sudo ufw status
root@ultimateakash:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

6. Check apache2 status

sudo systemctl status apache2
root@ultimateakash:~# sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2022-07-03 13:53:50 UTC; 10min ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 2301 (apache2)
      Tasks: 55 (limit: 2339)
     Memory: 5.1M
     CGroup: /system.slice/apache2.service
             ├─2301 /usr/sbin/apache2 -k start
             ├─2303 /usr/sbin/apache2 -k start
             └─2304 /usr/sbin/apache2 -k start

Jul 03 13:53:50 ultimateakash systemd[1]: Starting The Apache HTTP Server...
Jul 03 13:53:50 ultimateakash systemd[1]: Started The Apache HTTP Server.

Open your domain/server IP in the browser. You will see the default apache2 installation page(/var/www/html/index.html ).

Apache2 has one server block enabled by default that is configured to serve documents from the /var/www/html directory.  You can use this default block but it's recommended to create virtual hosts.

7. Setup Virtual Hosts.

Create the directory for your domain.

sudo mkdir /var/www/ultimateakash.tech

Assign ownership of the directory with the $USER environment variable and grant 775 permission.

sudo chown -R $USER:$USER /var/www/ultimateakash.tech
sudo chmod -R 755 /var/www/ultimateakash.tech

Create a sample index.html

sudo nano /var/www/ultimateakash.tech/index.html

Paste this HTML code.

<html>
    <head>
        <title>ultmateakash.tech</title>
    </head>
    <body>
        <h1>Welcome to ultmateakash.tech</h1>
    </body>
</html>

press ctrl + x and press y then hit enter.

Create a config file.

sudo nano /etc/apache2/sites-available/ultimateakash.tech.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName ultimateakash.tech
    ServerAlias www.ultimateakash.tech
    DocumentRoot /var/www/ultimateakash.tech
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

These three lines

ServerName your_domain
ServerAlias www.your_domain
DocumentRoot /var/www/your_domain

press ctrl + x and press y then hit enter.

Disable the default configuration

sudo a2dissite 000-default.conf

Enable this new configuration.

sudo a2ensite ultimateakash.tech.conf

Reload apache2 to implement the changes.

sudo systemctl reload apache2

8. Install SSL certificates.

Install Certbot

sudo apt install certbot python3-certbot-apache

Obtaining SSL certificates.

sudo certbot --apache -d ultimateakash.tech -d www.ultimateakash.tech

you can pass multiple domains with -d option. you can even use wildcards.

-d *.ultimateakash.tech

After hitting the above command you need to pass your email also you need to provide a few answers.

Finally, SSL is installed on your apache server. you can verify it by hitting your domain in the browser.

Let’s Encrypt’s certificates are only valid for 90 days. but don't worry certbot takes care of renewals.

Check certbot's renewal service status.

sudo systemctl status certbot.timer
root@ultimateakash:~# sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Sun 2022-07-03 15:37:21 UTC; 5s ago
    Trigger: Mon 2022-07-04 06:42:10 UTC; 15h left
   Triggers: ● certbot.service

Jul 03 15:37:21 ultimateakash systemd[1]: Started Run certbot twice daily.

Leave Your Comment