Set up Let’s Encrypt on Debian 11 with Apache Server

Today, we are installing certbot on Debian 11 with Apache2 (Apache/2.4.54 (Debian). This article assumes you have Apache installed. If not, see How To Install LAMP (Linux, Apache, MySql-Maria, PHP) On Debian 11.

Here are some great sources: https://certbot.eff.org/instructions

The recommended way is to use snappy.

$ sudo apt update

Then install the snapd package:

$ sudo apt install snapd

$ sudo snap install core


Then refresh the core snap.

$ sudo snap refresh core

Install the certbot snap with the following command.

$ sudo snap install --classic certbot

This installation process will install the certbot executable in the /snap/bin/ directory. Create a symbolic link to this file in the /usr/bin/ directory to ensure that you can run the certbot command anywhere on your system:

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Certbot is now ready to use, but in order for it to configure SSL for Apache, you need to verify that Apache has been configured correctly.

Setting Up the SSL Certificate

Open the virtual host file for your domain using nano or your favorite text editor:

$ sudo nano /etc/apache2/sites-available/yoursite.conf

Find the existing ServerName line.

/etc/apache2/sites-available/yoursite.conf
...
ServerName yoursite.com;
...

Next, verify the syntax of your configuration edits:

$ sudo apache2ctl configtest

Output. You can ignore the warning message. Look for “Syntax OK”.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Certbot can now find the correct VirtualHost block and update it.

Getting and Installing an SSL Certificate

Note: Make sure that the A record for the DNS is pointing to the server so Certbot can match the IP with the domain.

Certbot provides ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration. To use this plugin, run the following:

$ sudo certbot --apache -d yoursite.com -d www.yoursite.com

This runs certbot with the –apache plugin, using -d to specify the names for which you’d like the certificate to be valid.
Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): user@domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for yoursite.com and www.yoursite.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yoursite.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yoursite.com/privkey.pem
This certificate expires on 2023-01-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf
Successfully deployed certificate for www.ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://yoursite.com and https://www.yoursite.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

To check you can look at the site’s apache configuration file.

Note above…
Successfully deployed certificate for ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf
Successfully deployed certificate for www.ipgw.io to /etc/apache2/sites-available/yoursite.com-le-ssl.conf

Now you should reload the site and see the new ssl cert in action. You can also check the ssl at https://www.sslshopper.com/ssl-checker.html

If you need assistance, please contact our support at Geekdecoder IT Support.

1 thought on “Set up Let’s Encrypt on Debian 11 with Apache Server

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.