{"id":6970,"date":"2022-10-27T14:39:18","date_gmt":"2022-10-27T14:39:18","guid":{"rendered":"https:\/\/www.geekdecoder.com\/?p=6970"},"modified":"2022-10-27T14:39:18","modified_gmt":"2022-10-27T14:39:18","slug":"set-up-lets-encrypt-on-debian-11-with-apache-server","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2022\/10\/27\/set-up-lets-encrypt-on-debian-11-with-apache-server\/","title":{"rendered":"Set up Let’s Encrypt on Debian 11 with Apache Server"},"content":{"rendered":"

Today, we are installing certbot on Debian 11 with Apache2 (Apache\/2.4.54 (Debian). This article assumes you have Apache installed. If not, see How To Install LAMP (Linux, Apache, MySql-Maria, PHP) On Debian 11<\/a>. <\/p>\n

<\/p>\n

Here are some great sources: https:\/\/certbot.eff.org\/instructions<\/p>\n

The recommended way is to use snappy.<\/p>\n

\n$ sudo apt update\n<\/pre>\n
Then install the snapd package:<\/p>\n
\n$ sudo apt install snapd\n<\/pre>\n
\"\"<\/a><\/p>\n
\n$ sudo snap install core\n<\/pre>\n
\"\"<\/a>
\nThen refresh the core snap.<\/p>\n
\n$ sudo snap refresh core\n<\/pre>\n
Install the certbot snap with the following command.<\/p>\n
\n$ sudo snap install --classic certbot\n<\/pre>\n
\"\"<\/a><\/p>\n
This installation process will install the certbot executable in the \/snap\/bin\/ directory. Create a symbolic link to this file in the \/usr\/bin\/ directory to ensure that you can run the certbot command anywhere on your system:<\/p>\n
\n$ sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\n<\/pre>\n
Certbot is now ready to use, but in order for it to configure SSL for Apache, you need to verify that Apache has been configured correctly.<\/p>\n
Setting Up the SSL Certificate<\/p>\n
Open the virtual host file for your domain using nano or your favorite text editor:<\/p>\n
\n$ sudo nano \/etc\/apache2\/sites-available\/yoursite.conf\n<\/pre>\n
Find the existing ServerName line.<\/p>\n
\n\/etc\/apache2\/sites-available\/yoursite.conf\n...\nServerName yoursite.com;\n...\n<\/pre>\n
Next, verify the syntax of your configuration edits:<\/p>\n
\n$ sudo apache2ctl configtest\n<\/pre>\n
Output. You can ignore the warning message. Look for “Syntax OK”.<\/p>\n
\nAH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message\nSyntax OK\n<\/pre>\n
Certbot can now find the correct VirtualHost block and update it.<\/p>\n
Getting and Installing an SSL Certificate<\/p>\n
Note: Make sure that the A record for the DNS is pointing to the server so Certbot can match the IP with the domain.<\/p><\/blockquote>\n
Certbot provides ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration. To use this plugin, run the following:<\/p>\n
\n$ sudo certbot --apache -d yoursite.com -d www.yoursite.com\n<\/pre>\n
This runs certbot with the –apache plugin, using -d to specify the names for which you\u2019d like the certificate to be valid.
\nOutput:<\/p>\n
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices)\n (Enter 'c' to cancel): user@domain.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.3-September-21-2022.pdf. You must\nagree in order to register with the ACME server. Do you agree?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: y\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing, once your first certificate is successfully issued, to\nshare your email address with the Electronic Frontier Foundation, a founding\npartner of the Let's Encrypt project and the non-profit organization that\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\nEFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: n\nAccount registered.\nRequesting a certificate for yoursite.com and www.yoursite.com\nSuccessfully received certificate.\nCertificate is saved at: \/etc\/letsencrypt\/live\/yoursite.com\/fullchain.pem\nKey is saved at:         \/etc\/letsencrypt\/live\/yoursite.com\/privkey.pem\nThis certificate expires on 2023-01-25.\nThese files will be updated when the certificate renews.\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\n\nDeploying certificate\nSuccessfully deployed certificate for ipgw.io to \/etc\/apache2\/sites-available\/yoursite.com-le-ssl.conf\nSuccessfully deployed certificate for www.ipgw.io to \/etc\/apache2\/sites-available\/yoursite.com-le-ssl.conf\nCongratulations! You have successfully enabled HTTPS on https:\/\/yoursite.com and https:\/\/www.yoursite.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIf you like Certbot, please consider supporting our work by:\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n<\/pre>\n
To check you can look at the site’s apache configuration file.<\/p>\n
Note above…
\nSuccessfully deployed certificate for ipgw.io to \/etc\/apache2\/sites-available\/yoursite.com-le-ssl.conf
\nSuccessfully deployed certificate for www.ipgw.io to \/etc\/apache2\/sites-available\/yoursite.com-le-ssl.conf<\/p>\n
Now you should reload the site and see the new ssl cert in action. You can also check the ssl at https:\/\/www.sslshopper.com\/ssl-checker.html<\/a><\/p>\n
If you need assistance, please contact our support at Geekdecoder IT Support<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Today, we are installing certbot on Debian 11 with Apache2 (Apache\/2.4.54 (Debian). This article assumes you have Apache installed. If not, see How To Install LAMP (Linux, Apache, MySql-Maria, PHP) On Debian 11.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-6970","post","type-post","status-publish","format-standard","hentry","category-apache"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/6970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=6970"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/6970\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=6970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=6970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=6970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}