Securing Apache with Let’s Encrypt SSL Certificate on Debian 12

Table of Contents

Welcome to our comprehensive tutorial on fortifying your Apache web server with the added layer of security provided by Let’s Encrypt SSL certificates on Debian 12. Online security is of utmost importance, ensuring that data transmitted between your server and users remains confidential is non-negotiable. Apache, renowned for its reliability, coupled with Let’s Encrypt user-friendly SSL certificate management, forms a powerful combination to create a secure and encrypted environment. Follow along as we guide you step-by-step through the process, empowering you to enhance the security of your web server and provide a safer online experience for your users.

 

Configure Debian 12 server on VPSie

Let’s create a Debian 12 Virtual Machine (VM) with a Fully Qualified Domain Name (FQDN). If you’ve already completed this step, feel free to skip ahead.

 

 

Please log in using your user credentials on the VPSie Controls panel and navigate to the page for creating a new server and select Debian 12 as the OS image.

VPSie Control panel

Now, choose a convenient datacenter location that suits your business needs. Select an appropriate server package and choose a public IP as well.

 

 

Tick the box labeled Add A record to an existing domain/subdomain to include your domain in the server. Subsequently, press the Add Server button to initiate the creation process.

Set up the Apache server

Access your server using your credentials through SSH. Prior to installing any new software, it is advisable to update the system packages to their most recent versions, execute the following commands to do so.

sudo apt update -y

Install Apache now:

sudo apt install apache2
After completing the Apache installation, ensure that Apache is set to start automatically on boot, and then initiate the Apache service. Run the following command to do it:
sudo systemctl enable apache2 && sudo systemctl start apache2

Verify the status of Apache to ensure everything is functioning correctly.

 

sudo systemctl status apache2
 
For testing purposes, let’s create a basic webpage on Apache for this tutorial. Skip this step if you are using any services that rely on your server’s IP address.

 

 
Create a new HTML file:

Use a text editor to create a new HTML file. For example, you can use nano:
sudo nano /var/www/html/index.html
Edit the HTML file:
Add the following basic HTML content to your index.html file:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>VPSie Tutorials</title>
</head>
<body>
    <h1>Welcome to VPSie Tutorials</h1>
    <p>This is a simple webpage on your VPSie server.</p>
</body>
</html>
Save and exit from the editor.
 
Adjust File Permissions by running the following command:
sudo chmod 644 /var/www/html/index.html

Access your website by opening a web browser and entering your server’s IP address or domain name in the address bar.


Set up an SSL certificate using Certbot.

To set up snapd, execute the provided command for installation:

sudo apt install snapd

Following this step, proceed to install the core snap to ensure that you have the most up-to-date snapd:

sudo snap install core

If you have Certbot packages installed through an OS package manager like apt, it’s recommended to uninstall them before installing the Certbot snap. This ensures that when you execute the command certbot, it utilizes the snap version instead of the one installed via your OS package manager:

sudo apt-get remove certbot

Now run this command on the command line on the machine to install Certbot:

sudo snap install --classic certbot

Run the provided command to ensure that the certbot command can be executed:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Execute the following command to obtain a certificate using Certbot and automatically configure your Apache settings. This process will enable HTTPS access in a seamless single step:

sudo certbot --apache
 

Upon executing the provided command, you will receive prompts to input your email address to receive notifications, agree to the Terms of Service (TOS), and provide your Fully Qualified Domain Name (FQDN) for attaching the SSL certificate. Please input the information as per the given instructions.

 

 

Upon inputting all the required information, you should see the output as follows.

Check SSL certificate verification and website access

 

Verify that the SSL certificate is correctly assigned to your website. Access your website by entering the domain name (FQDN) into the address bar of your web browser.

https://yourwebsite.com/
VPSie

The existing certificate has a validity period of only 3 months, but you can easily set up automatic renewal. The Certbot packages installed on your system include a cron job or systemd timer that automatically renews your certificates before they expire. You won’t have to manually run Certbot again unless you modify your configuration. To test the automatic renewal for your certificates, you can execute the following command:

sudo certbot renew --dry-run

 

The instruction for renewing Certbot is available in one of these locations:

/etc/crontab/
/etc/cron.*/*
systemctl list-timers

Let's Encrypt SSL

 

 

In conclusion, implementing Certbot SSL certificates to secure Apache on Debian 12 provides a robust solution for enhancing the security of web servers. By following the steps outlined in this article, users can effectively safeguard their Apache installations, ensuring encrypted connections.

Make a Comment
Share on
Facebook
Twitter
LinkedIn
Print
VPSie Cloud service

Fast and Secure Cloud VPS Service

Try FREE
For a month

The First 1 orders gets free discount today! Try Sign up on VPSie to get a chance to get the discount.