{"id":16964,"date":"2023-11-03T09:24:08","date_gmt":"2023-11-03T09:24:08","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=16964"},"modified":"2023-11-03T09:24:11","modified_gmt":"2023-11-03T09:24:11","slug":"how-to-secure-apache-with-lets-encrypt-on-ubuntu-22-04","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2023\/11\/03\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-22-04\/","title":{"rendered":"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu 22.04"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"357\" src=\"https:\/\/www.appservgrid.com\/paw92\/wp-content\/uploads\/2023\/11\/image-2.png\" alt=\"\" class=\"wp-image-16965\" srcset=\"https:\/\/www.appservgrid.com\/paw92\/wp-content\/uploads\/2023\/11\/image-2.png 750w, https:\/\/www.appservgrid.com\/paw92\/wp-content\/uploads\/2023\/11\/image-2-300x143.png 300w\" sizes=\"auto, (max-width: 706px) 89vw, (max-width: 767px) 82vw, 740px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"introduction\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#introduction\"><strong>Introduction<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#introduction\"><\/a><\/h3>\n\n\n\n<p>Let\u2019s Encrypt is a Certificate Authority (CA) that facilitates obtaining and installing free&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs\">TLS\/SSL certificates<\/a>, thereby enabling encrypted HTTPS on web servers. It streamlines the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx.<\/p>\n\n\n\n<p>In this guide, you\u2019ll use&nbsp;<a href=\"https:\/\/certbot.eff.org\/\">Certbot<\/a>&nbsp;to obtain a free SSL certificate for Apache on Ubuntu 22.04, and make sure this certificate is set up to renew automatically.<\/p>\n\n\n\n<p>This tutorial uses a separate virtual host file instead of Apache\u2019s default configuration file for setting up the website that will be secured by Let\u2019s Encrypt.&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-the-apache-web-server-on-ubuntu-22-04#step-5-setting-up-virtual-hosts-recommended\">We recommend<\/a>&nbsp;creating new Apache virtual host files for each domain hosted in a server because it helps to avoid common mistakes and maintains the default configuration files as a fallback setup.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"prerequisites\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#prerequisites\"><strong>Prerequisites<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#prerequisites\"><\/a><\/h2>\n\n\n\n<p>To follow this tutorial, you will need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>One Ubuntu 22.04 server set up with a non-<em>root<\/em>&nbsp;user with&nbsp;<code>sudo<\/code>&nbsp;administrative privileges and firewall enabled. You can set this up by following our&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/initial-server-setup-with-ubuntu-22-04\">initial server setup for Ubuntu 22.04<\/a>&nbsp;tutorial.<\/li>\n\n\n\n<li>A fully registered domain name. This tutorial will use&nbsp;<strong>your_domain<\/strong>&nbsp;as an example throughout. You can purchase a domain name on&nbsp;<a href=\"https:\/\/namecheap.com\/\">Namecheap<\/a>, get one for free on&nbsp;<a href=\"http:\/\/www.freenom.com\/en\/index.html\">Freenom<\/a>, or use the domain registrar of your choice.<\/li>\n\n\n\n<li>Both of the following DNS records set up for your server. You can follow\u00a0<a href=\"https:\/\/docs.digitalocean.com\/products\/networking\/dns\/\">this introduction to DigitalOcean DNS<\/a>\u00a0for details on how to add them.\n<ul class=\"wp-block-list\">\n<li>An A record with&nbsp;<code><mark>your_domain<\/mark><\/code>&nbsp;pointing to your server\u2019s public IP address.<\/li>\n\n\n\n<li>An A record with&nbsp;<code>www.<mark>your_domain<\/mark><\/code>&nbsp;pointing to your server\u2019s public IP address.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Apache installed by following&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-the-apache-web-server-on-ubuntu-22-04\">How To Install Apache on Ubuntu 22.04<\/a>. Be sure that you have a&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-the-apache-web-server-on-ubuntu-22-04#step-5-setting-up-virtual-hosts-recommended\">virtual host file<\/a>&nbsp;for your domain. This tutorial will use&nbsp;<code>\/etc\/apache2\/sites-available\/<mark>your_domain<\/mark>.conf<\/code>&nbsp;as an example.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-1-installing-certbot\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-1-installing-certbot\"><strong>Step 1 \u2014 Installing Certbot<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-1-installing-certbot\"><\/a><\/h2>\n\n\n\n<p>To obtain an SSL certificate with Let\u2019s Encrypt, you need to install the Certbot software on your server. You\u2019ll use the default Ubuntu package repositories for that.<\/p>\n\n\n\n<p>First, update the local package index:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\n<\/code><\/pre>\n\n\n\n<p>You need two packages:&nbsp;<code>certbot<\/code>, and&nbsp;<code>python3-certbot-apache<\/code>. The latter is a plugin that integrates Certbot with Apache, making it possible to automate obtaining a certificate and configuring HTTPS within your web server with a single command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install certbot python3-certbot-apache\n<\/code><\/pre>\n\n\n\n<p>You will be prompted to confirm the installation by pressing&nbsp;<code>Y<\/code>, then&nbsp;<code>ENTER<\/code>.<\/p>\n\n\n\n<p>Certbot is now installed on your server. In the next step, you\u2019ll verify Apache\u2019s configuration to make sure your virtual host is set appropriately. This will ensure that the&nbsp;<code>certbot<\/code>&nbsp;client script will be able to detect your domains and reconfigure your web server to use your newly generated SSL certificate automatically.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-2-checking-your-apache-virtual-host-configuration\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-2-checking-your-apache-virtual-host-configuration\"><strong>Step 2 \u2014 Checking your Apache Virtual Host Configuration<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-2-checking-your-apache-virtual-host-configuration\"><\/a><\/h2>\n\n\n\n<p>To automatically obtain and configure SSL for your web server, Certbot needs to find the correct virtual host within your Apache configuration files. Your server domain name(s) will be retrieved from the&nbsp;<code>ServerName<\/code>&nbsp;and&nbsp;<code>ServerAlias<\/code>&nbsp;directives defined within your&nbsp;<code>VirtualHost<\/code>&nbsp;configuration block.<\/p>\n\n\n\n<p>If you followed the&nbsp;<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-the-apache-web-server-on-ubuntu-22-04#step-5-setting-up-virtual-hosts-recommended\">virtual host setup step in the Apache installation tutorial<\/a>, you should have a VirtualHost block set up for your domain at&nbsp;<code>\/etc\/apache2\/sites-available\/<mark>your_domain<\/mark>.conf<\/code>&nbsp;with the&nbsp;<code>ServerName<\/code>&nbsp;and also the&nbsp;<code>ServerAlias<\/code>&nbsp;directives already set appropriately.<\/p>\n\n\n\n<p>To confirm this is set up, open the virtual host file for your domain using&nbsp;<code>nano<\/code>&nbsp;or your preferred text editor:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/apache2\/sites-available\/<mark>your_domain<\/mark>.conf\n<\/code><\/pre>\n\n\n\n<p>Find the existing&nbsp;<code>ServerName<\/code>&nbsp;and&nbsp;<code>ServerAlias<\/code>&nbsp;lines. They should be listed as follows:<\/p>\n\n\n\n<p>\/etc\/apache2\/sites-available\/your_domain.conf<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\nServerName <mark>your_domain<\/mark>\nServerAlias <mark>www.your_domain<\/mark>\n...\n<\/code><\/pre>\n\n\n\n<p>If you already have your&nbsp;<code>ServerName<\/code>&nbsp;and&nbsp;<code>ServerAlias<\/code>&nbsp;set up like this, you can exit your text editor and move on to the next step. If your current virtual host configuration doesn\u2019t match the example, update it accordingly. If you\u2019re using&nbsp;<code>nano<\/code>, you can exit by pressing&nbsp;<code>CTRL+X<\/code>, then&nbsp;<code>Y<\/code>&nbsp;and&nbsp;<code>ENTER<\/code>&nbsp;to confirm your changes, if any. Then, run the following command to validate your changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apache2ctl configtest\n<\/code><\/pre>\n\n\n\n<p>You should receive&nbsp;<code>Syntax OK<\/code>&nbsp;as a response. If you get an error, reopen the virtual host file and check for any typos or missing characters. Once your configuration file\u2019s syntax is correct, reload Apache so that the changes take effect:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl reload apache2\n<\/code><\/pre>\n\n\n\n<p>With these changes, Certbot will be able to find the correct VirtualHost block and update it.<\/p>\n\n\n\n<p>Next, you\u2019ll update the firewall to allow HTTPS traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-3-allowing-https-through-the-firewall\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-3-allowing-https-through-the-firewall\"><strong>Step 3 \u2014 Allowing HTTPS Through the Firewall<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-3-allowing-https-through-the-firewall\"><\/a><\/h2>\n\n\n\n<p>If you have the UFW firewall enabled, as recommended by the prerequisite guides, you\u2019ll need to adjust the settings to allow HTTPS traffic. Upon installation, Apache registers a few different UFW application profiles. You can leverage the&nbsp;<strong>Apache Full<\/strong>&nbsp;profile to allow both HTTP and HTTPS traffic on your server.<\/p>\n\n\n\n<p>To verify what kind of traffic is currently allowed on your server, check the status:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw status\n<\/code><\/pre>\n\n\n\n<p>If you followed one of our Apache installation guides, you will have output similar to the following, meaning that only HTTP traffic on port&nbsp;<code>80<\/code>&nbsp;is currently allowed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>OutputStatus: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \n<mark>Apache                     ALLOW       Anywhere<\/mark>             \nOpenSSH (v6)               ALLOW       Anywhere (v6)             \n<mark>Apache (v6)                ALLOW       Anywhere (v6)<\/mark>\n<\/code><\/pre>\n\n\n\n<p>To allow for HTTPS traffic, allow the \u201cApache Full\u201d profile:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 'Apache Full'\n<\/code><\/pre>\n\n\n\n<p>Then delete the redundant \u201cApache\u201d profile:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw delete allow 'Apache'\n<\/code><\/pre>\n\n\n\n<p>Your status will display as the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw status\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>OutputStatus: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \n<mark>Apache Full                ALLOW       Anywhere<\/mark>                  \nOpenSSH (v6)               ALLOW       Anywhere (v6)             \n<mark>Apache Full (v6)           ALLOW       Anywhere (v6)<\/mark>        \n<\/code><\/pre>\n\n\n\n<p>You are now ready to run Certbot and obtain your certificates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-4-obtaining-an-ssl-certificate\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-4-obtaining-an-ssl-certificate\"><strong>Step 4 \u2014 Obtaining an SSL Certificate<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-4-obtaining-an-ssl-certificate\"><\/a><\/h2>\n\n\n\n<p>Certbot provides a variety of ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration whenever necessary. To use this plugin, run the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --apache\n<\/code><\/pre>\n\n\n\n<p>This script will prompt you to answer a series of questions in order to configure your SSL certificate. First, it will ask you for a valid email address. This email will be used for renewal notifications and security notices:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>OutputSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices)\n (Enter 'c' to cancel): <mark>you@your_domain<\/mark>\n<\/code><\/pre>\n\n\n\n<p>After providing a valid email address, press&nbsp;<code>ENTER<\/code>&nbsp;to proceed to the next step. You will then be prompted to confirm if you agree to Let\u2019s Encrypt terms of service. You can confirm by pressing&nbsp;<code>Y<\/code>&nbsp;and then&nbsp;<code>ENTER<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:&#47;&#47;acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: <mark>Y<\/mark>\n<\/code><\/pre>\n\n\n\n<p>Next, you\u2019ll be asked if you would like to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write&nbsp;<code>N<\/code>. Otherwise, write&nbsp;<code>Y<\/code>&nbsp;then press&nbsp;<code>ENTER<\/code>&nbsp;to proceed to the next step:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: <mark>N<\/mark>\n<\/code><\/pre>\n\n\n\n<p>The next step will prompt you to inform Certbot of which domains you\u2019d like to activate HTTPS for. The listed domain names are automatically obtained from your Apache virtual host configuration, so it\u2019s important to make sure you have the correct&nbsp;<code>ServerName<\/code>&nbsp;and&nbsp;<code>ServerAlias<\/code>&nbsp;settings configured in your virtual host. If you\u2019d like to enable HTTPS for all listed domain names (recommended), you can leave the prompt blank and press&nbsp;<code>ENTER<\/code>&nbsp;to proceed. Otherwise, select the domains you want to enable HTTPS for by listing each appropriate number, separated by commas and\/ or spaces, then press&nbsp;<code>ENTER<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Which names would you like to activate HTTPS for?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: <mark>your_domain<\/mark>\n2: www.<mark>your_domain<\/mark>\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): \n<\/code><\/pre>\n\n\n\n<p>After this step, Certbot\u2019s configuration is finished, and you will be presented with the final remarks about your new certificate and where to locate the generated files:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>OutputSuccessfully received certificate.\nCertificate is saved at: \/etc\/letsencrypt\/live\/<mark>your_domain<\/mark>\/fullchain.pem\nKey is saved at:         \/etc\/letsencrypt\/live\/<mark>your_domain<\/mark>\/privkey.pem\nThis certificate expires on 2022-07-10.\nThese files will be updated when the certificate renews.\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\n\nDeploying certificate\nSuccessfully deployed certificate for <mark>your_domain<\/mark> to \/etc\/apache2\/sites-available\/<mark>your_domain<\/mark>-le-ssl.conf\nSuccessfully deployed certificate for www.<mark>your_domain<\/mark>.com to \/etc\/apache2\/sites-available\/<mark>your_domain<\/mark>-le-ssl.conf\nCongratulations! You have successfully enabled HTTPS on https:\/<mark>your_domain<\/mark> and https:\/\/www.<mark>your_domain<\/mark>.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIf you like Certbot, please consider supporting our work by:\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n<\/code><\/pre>\n\n\n\n<p>Your certificate is now installed and loaded into Apache\u2019s configuration. Try reloading your website using&nbsp;<code>https:\/\/<\/code>&nbsp;and notice your browser\u2019s security indicator. It should indicate that your site is properly secured, typically by a lock icon in the address bar.<\/p>\n\n\n\n<p>You can use the&nbsp;<a href=\"https:\/\/www.ssllabs.com\/ssltest\/\">SSL Labs Server Test<\/a>&nbsp;to verify your certificate\u2019s grade and obtain detailed information about it, from the perspective of an external service.<\/p>\n\n\n\n<p>In the next and final step, you\u2019ll test the auto-renewal feature of Certbot, which guarantees that your certificate will be renewed automatically before the expiration date.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"step-5-verifying-certbot-auto-renewal\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-5-verifying-certbot-auto-renewal\"><strong>Step 5 \u2014 Verifying Certbot Auto-Renewal<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#step-5-verifying-certbot-auto-renewal\"><\/a><\/h2>\n\n\n\n<p>Let\u2019s Encrypt\u2019s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process, as well as to ensure that misused certificates or stolen keys will expire sooner rather than later.<\/p>\n\n\n\n<p>The&nbsp;<code>certbot<\/code>&nbsp;package you installed takes care of renewals by including a renew script to&nbsp;<code>\/etc\/cron.d<\/code>, which is managed by a&nbsp;<code>systemctl<\/code>&nbsp;service called&nbsp;<code>certbot.timer<\/code>. This script runs twice a day and will automatically renew any certificate that\u2019s within thirty days of expiration.<\/p>\n\n\n\n<p>To check the status of this service and make sure it\u2019s active, run the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status certbot.timer\n<\/code><\/pre>\n\n\n\n<p>Your output will be similar to the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Output\u25cf certbot.timer - Run certbot twice daily\n     Loaded: loaded (\/lib\/systemd\/system\/certbot.timer; enabled; vendor preset:&gt;\n     <mark>Active: active (waiting) since Mon 2022-04-11 20:52:46 UTC; 4min 3s ago<\/mark>\n    Trigger: Tue 2022-04-12 00:56:55 UTC; 4h 0min left\n   Triggers: \u25cf certbot.service\n\nApr 11 20:52:46 jammy-encrypt systemd&#91;1]: Started Run certbot twice daily.\n<\/code><\/pre>\n\n\n\n<p>To test the renewal process, you can do a dry run with&nbsp;<code>certbot<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot renew --dry-run\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>OutputSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nProcessing \/etc\/letsencrypt\/renewal\/<mark>your_domain<\/mark>.conf\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nAccount registered.\nSimulating renewal of an existing certificate for <mark>your_domain<\/mark> and www.<mark>your_domain<\/mark>.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nCongratulations, all simulated renewals succeeded:\n  \/etc\/letsencrypt\/live\/<mark>your_domain<\/mark>\/fullchain.pem (success)\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n<\/code><\/pre>\n\n\n\n<p>If you don\u2019t receive any errors, you\u2019re all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automated renewal process ever fails, Let\u2019s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\"><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#conclusion\"><strong>Conclusion<\/strong><\/a><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04#conclusion\"><\/a><\/h2>\n\n\n\n<p>In this tutorial, you installed the Let\u2019s Encrypt client\u00a0<code>certbot<\/code>, configured and installed an SSL certificate for your domain, and confirmed that Certbot\u2019s automatic renewal service is active within\u00a0<code>systemctl<\/code>. If you have further questions about using Certbot,\u00a0<a href=\"https:\/\/certbot.eff.org\/docs\/\">their documentation<\/a>\u00a0is a good place to start.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Let\u2019s Encrypt is a Certificate Authority (CA) that facilitates obtaining and installing free&nbsp;TLS\/SSL certificates, thereby enabling encrypted HTTPS on web servers. It streamlines the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2023\/11\/03\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-22-04\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How To Secure Apache with Let&#8217;s Encrypt on Ubuntu 22.04&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16964","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/16964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=16964"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/16964\/revisions"}],"predecessor-version":[{"id":16966,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/16964\/revisions\/16966"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=16964"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=16964"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=16964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}