{"id":311,"date":"2022-07-18T17:27:34","date_gmt":"2022-07-18T17:27:34","guid":{"rendered":"https:\/\/www.webhi.com\/how-to\/?p=311"},"modified":"2022-07-20T21:43:40","modified_gmt":"2022-07-20T21:43:40","slug":"how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian","status":"publish","type":"post","link":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/","title":{"rendered":"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en.jpg\" alt=\"Secure Apache with Let's Encrypt\" class=\"wp-image-793\" srcset=\"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en.jpg 1200w, https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en-300x169.jpg 300w, https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en-1024x576.jpg 1024w, https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en-768x432.jpg 768w, https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en-150x84.jpg 150w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Let&#8217;s Encrypt<\/a> is a Certificate Authority (CA) offers an easy way to get and install free TLS\/SSL certificates, enabling the use of encrypted HTTPS. It simplifies the process by including <a href=\"https:\/\/certbot.eff.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Certbot<\/a> that aims to automate most or all of the necessary tasks. For the time being, the whole certificate acquisition and installation procedure is totally automated on both <a href=\"https:\/\/apache.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Apache<\/a> and <a href=\"https:\/\/nginx.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Nginx<\/a>.<\/p>\n\n\n\n<p>In this guide, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu\/Debian and set up your certificate so that it will automatically renew.<\/p>\n\n\n\n<p>This guide will be using a separate virtual host file for Apache instead of the configuration file that is default. We recommend you create new Apache virtual host files for every domain, since it helps avoid widespread mistakes and maintains the default files as a fallback configuration.<\/p>\n\n\n\n<p>If you want to install Certificate manually, you can check <a href=\"https:\/\/www.webhi.com\/how-to\/how-to-setup-lets-encrypt-ssl-on-ubuntu-lts\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup Let\u2019s Encrypt SSL on Ubuntu<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul><li>One Ubuntu\/Debian server set up, as well as a non-<strong>root<\/strong> user with a firewall and sudo privileges.<\/li><li>A domain name that is fully registered. In this guide, we will use <strong><kbd>your_domain<\/kbd><\/strong> as an example all the way through.<\/li><li>Both of these DNS records set up for your server.&nbsp;<ul><li>An A record with <kbd>your_domain<\/kbd> that points to the public ID address of your server.<\/li><li>An A record with www.your_domain that points to the public ID address of your server.<\/li><\/ul><\/li><li>Apache installed. Be sure that you already have a virtual host file set up for your domain. This tutorial will be using <kbd>\/etc\/apache2\/sites-available\/your_domain.conf<\/kbd> as an example.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1 \u2013 installing Certbot With Snap<\/h2>\n\n\n\n<p>Snaps can be used on all major Linux distributions, including Ubuntu, Linux Mint, Debian and Fedora.<\/p>\n\n\n\n<p>Snap comes pre-installed on Ubuntu 16 and later. To confirm that you have the most recent version of <kbd>snapd<\/kbd>, run the following commands from the command line on the system.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo snap install core; sudo snap refresh core<\/code><\/pre>\n\n\n\n<p>To install Certbot, use this command on the machine&#8217;s command line.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo snap install --classic certbot\n$ sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 2 \u2014 Set Up the SSL Certificate<\/strong><\/h2>\n\n\n\n<p>Certbot should be capable of finding the correct virtual host in your Apache configuration, so it can configure SSL automatically. To be more specific, this happens by looking for a<strong> ServerName<\/strong> directive that goes along with the domain for which you request a certificate.<\/p>\n\n\n\n<p>You should already have a <strong>VirtualHost<\/strong> block for your domain at <strong>\/etc\/apache2\/sites-available\/your_domain.conf<\/strong> with the <strong>ServerName <\/strong>directive set correctly.<\/p>\n\n\n\n<p>To verify, open your domain\u2019s virtual host file using <strong>nano<\/strong> or your preferred text editor:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo nano \/etc\/apache2\/sites-available\/your_domain.conf<\/code><\/pre>\n\n\n\n<p>Find the already existing <strong>ServerName<\/strong> line. It will be similar to this, but with your domain name instead of <kbd>your_domain<\/kbd> :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">...\n\nServerName your_domain;\n\n...<\/pre>\n\n\n\n<p>If it doesn\u2019t by now then update the <strong>ServerName<\/strong> directive to point to the name of your domain then quit your editor after saving the file, and afterwards go ahead and verify your configuration edits\u2019 syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo apache2ctl configtest<\/code><\/pre>\n\n\n\n<p>You will see the output below if there are no syntax errors:<\/p>\n\n\n\n<h5 class=\"has-text-align-center wp-block-heading\"><kbd>Output:<\/kbd><\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\">Syntax OK<\/pre>\n\n\n\n<p>If you get an error, reopen the virtual host file and check for any typos or missing characters. Once your configuration file\u2019s syntax is correct, reload Apache to load the new configuration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo systemctl restart apache2<\/code><\/pre>\n\n\n\n<p>Certbot is now able to find the right <strong>VirtualHost<\/strong> block and apply an update on it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 3 \u2014 Allow HTTPS Through the Firewall<\/strong><\/h2>\n\n\n\n<p>If your&nbsp;<kbd>ufw<\/kbd> firewall is enabled as recommended by the prerequisites part, you will have to modify the settings to enable HTTPS traffic. Fortunately, <kbd>ufw<\/kbd> comes in a package with a few profiles that help to make simple the process of changing the firewall rules for HTTP and HTTPS traffic when installed on Ubuntu\/Debian.<\/p>\n\n\n\n<p>It is possible to visualize the current setting by typing the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo ufw status<\/code><\/pre>\n\n\n\n<p>The output of this command should look something like this, showcasing that HTTP traffic alone is allowed into the web server:<\/p>\n\n\n\n<h5 class=\"has-text-align-center wp-block-heading\"><kbd>Output:<\/kbd><\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\">Status: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere\nWWW                        ALLOW       Anywhere\nOpenSSH (v6)               ALLOW       Anywhere (v6)\nWWW (v6)                   ALLOW       Anywhere (v6)<\/pre>\n\n\n\n<p>To let in additional HTTPS traffic, enable the \u201cWWW Full\u201d profile and remove the repeated \u201cWWW\u201d profile allowance:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo ufw allow 'WWW Full'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo ufw delete allow 'WWW'<\/code><\/pre>\n\n\n\n<p>Your status should now be similar to this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo ufw status<\/code><\/pre>\n\n\n\n<h5 class=\"has-text-align-center wp-block-heading\"><kbd>Output:<\/kbd><\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\">Status: active\nTo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Action&nbsp; &nbsp; &nbsp; From\n-- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ------&nbsp; &nbsp; &nbsp; ----\nOpenSSH&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ALLOW &nbsp; &nbsp; &nbsp; Anywhere\nWWW Full &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ALLOW &nbsp; &nbsp; &nbsp; Anywhere\nOpenSSH (v6) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ALLOW &nbsp; &nbsp; &nbsp; Anywhere (v6)\nWWW Full (v6)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ALLOW &nbsp; &nbsp; &nbsp; Anywhere (v6)<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 4 \u2014 Obtain an SSL Certificate in Apache<\/strong><\/h2>\n\n\n\n<p>Certbot makes available a wide range of ways to get SSL certificates through plugins. The Apache plugin takes care of redoing the Apache configuration and reloading it whenever it is necessary. To use this plugin, type this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo certbot --apache -d your_domain -d www.your_domain<\/code><\/pre>\n\n\n\n<p>This allows <kbd>certbot<\/kbd> to run with the <kbd>--apache<\/kbd> plugin, while using <kbd>-d<\/kbd> to be specific about the names whose certificate you\u2019d like to be valid.<\/p>\n\n\n\n<p>If you are running<strong> certbot <\/strong>for the first time, you will be asked to enter an email address and agree to the terms of service. You will also be asked if you would like to share your email address with the Electronic Frontier Foundation. a non-profit that advocates for digital rights, and it also happens to be the maker of Certbot. You are free to either enter<strong> Y<\/strong> to share your email address or <strong>N<\/strong> if you wish not to.<\/p>\n\n\n\n<p>Once this is done, <strong>certbot <\/strong>will interact with the Let\u2019s Encrypt server, then run a test to make sure you control the domain whose certificate you are requesting.<\/p>\n\n\n\n<p>If that works out fine, certbot will ask about the way you\u2019d like to configure the settings of your HTTPS:<\/p>\n\n\n\n<h5 class=\"has-text-align-center wp-block-heading\"><kbd>Output:<\/kbd><\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\">Please choose whether to redirect HTTP traffic to HTTPS, removing HTTP access.\n\n-------------------------------------------------------------------------------\n\n1: No redirect \u2013 Make no further changes to the webserver configuration.\n\n2: Redirect \u2013 Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.\n\n-------------------------------------------------------------------------------\n\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel):<\/pre>\n\n\n\n<p>Select the appropriate option for you and hit <strong>ENTER<\/strong>. The configuration will then be updated automatically and Apache will be reloaded to integrate the chosen settings. <\/p>\n\n\n\n<p>certbot will conclude with a note telling you that the process was successful and will show you where your certificates have been stored:<\/p>\n\n\n\n<h5 class=\"has-text-align-center wp-block-heading\"><kbd>Output:<\/kbd><\/h5>\n\n\n\n<pre class=\"wp-block-preformatted\">IMPORTANT NOTES:\n\n\u2014 Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/your_domain\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/your_domain\/privkey.pem\n   Your cert will expire on 2019-10-20. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot again\n   with the \"certonly\" option. To non-interactively renew *all* of\n   your certificates, run \"certbot renew\"\n\u2014 If you like Certbot, please consider supporting our work by:\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le<\/pre>\n\n\n\n<p>Your certificates have been downloaded, installed, and loaded. Reload your website with<strong> https:\/\/<\/strong> and pay attention to the security indicator of your browser. It should show, usually with a green lock icon, that the site is well secured. If you use the SSL Labs Serevt Test to test your server, it will get an <strong>A<\/strong> grade.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 5 \u2014 Verify the Auto-Renewal of Certbot<\/strong><\/h2>\n\n\n\n<p>The validity of Let\u2019s Encrypt certificates is 90 days only, in order to encourage users to make their certificate renewal process automatic. The <strong>certbot<\/strong> package which we installed takes care of this by itself by adding a renewal script to <kbd>\/etc\/cron.d.<\/kbd> which runs two times a day and automatically renews any certificate that\u2019s within 30 days of expiration.<\/p>\n\n\n\n<p>To run a test on the renewal process, do a dry run using <kbd>certbot<\/kbd>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">$ sudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<p>You\u2019re all set if you see no errors. Certbot will make sure to renew your certificates and reload Apache to integrate the updated settings when necessary. In case the automated renewal process fails, Let\u2019s Encrypt will send a message in your email to warn you that your certificate will expire soon.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>In this guide, You installed the Let&#8217;s Encrypt client certbot. downloaded SSL certificates for your domain, configured Apache to utilize them, and set the certificate to renew automatically in this step. If you still have more questions regarding using Certbot, you can check their documentation, where you will find what you need to know as a start.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.webhi.com\/cheap-ssl-certificate\" target=\"_blank\" rel=\"noreferrer noopener\">Get cheap SSL<\/a> from all known SSL providers.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s Encrypt is a Certificate Authority (CA) offers an easy way to get and install free TLS\/SSL certificates, enabling the use of encrypted HTTPS. It simplifies the process by including Certbot that aims to automate most or all of the necessary tasks. For the time being, the whole certificate acquisition and installation procedure is totally ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,4],"tags":[],"yoast_head":"\n<title>How To Secure Apache with Let&#039;s Encrypt on Ubuntu WebHi Tutorial<\/title>\n<meta name=\"description\" content=\"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Secure Apache with Let&#039;s Encrypt on Ubuntu WebHi Tutorial\" \/>\n<meta property=\"og:description\" content=\"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\" \/>\n<meta property=\"og:site_name\" content=\"WebHi Tutorials &amp; Documentations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webhi.technology\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-18T17:27:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-07-20T21:43:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en.jpg\" \/>\n<meta name=\"author\" content=\"webhi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@WebHiTechnology\" \/>\n<meta name=\"twitter:site\" content=\"@WebHiTechnology\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"webhi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\"},\"author\":{\"name\":\"webhi\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/b31e76e2311cdc0bb90f5e2733059a54\"},\"headline\":\"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu\",\"datePublished\":\"2022-07-18T17:27:34+00:00\",\"dateModified\":\"2022-07-20T21:43:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\"},\"wordCount\":1181,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/#organization\"},\"articleSection\":[\"SSL Certificate\",\"Web servers\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\",\"url\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\",\"name\":\"How To Secure Apache with Let's Encrypt on Ubuntu WebHi Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/#website\"},\"datePublished\":\"2022-07-18T17:27:34+00:00\",\"dateModified\":\"2022-07-20T21:43:40+00:00\",\"description\":\"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.webhi.com\/how-to\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#website\",\"url\":\"https:\/\/www.webhi.com\/how-to\/\",\"name\":\"WebHi Tutorials &amp; Documentations\",\"description\":\"System administration and knowledge base\",\"publisher\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.webhi.com\/how-to\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#organization\",\"name\":\"WebHi Technology\",\"url\":\"https:\/\/www.webhi.com\/how-to\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/logo.png\",\"contentUrl\":\"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/logo.png\",\"width\":288,\"height\":95,\"caption\":\"WebHi Technology\"},\"image\":{\"@id\":\"https:\/\/www.webhi.com\/how-to\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webhi.technology\",\"https:\/\/twitter.com\/WebHiTechnology\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/b31e76e2311cdc0bb90f5e2733059a54\",\"name\":\"webhi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.webhi.com\/how-to\/ahuphiph\/litespeed\/avatar\/e20da107d0f4c765ead2eef88ad019d8.jpg?ver=1783029557\",\"contentUrl\":\"https:\/\/www.webhi.com\/how-to\/ahuphiph\/litespeed\/avatar\/e20da107d0f4c765ead2eef88ad019d8.jpg?ver=1783029557\",\"caption\":\"webhi\"},\"sameAs\":[\"https:\/\/www.webhi.com\/how-to\"],\"url\":\"https:\/\/www.webhi.com\/how-to\/author\/webhi\/\"}]}<\/script>\n","yoast_head_json":{"title":"How To Secure Apache with Let's Encrypt on Ubuntu WebHi Tutorial","description":"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/","og_locale":"en_US","og_type":"article","og_title":"How To Secure Apache with Let's Encrypt on Ubuntu WebHi Tutorial","og_description":"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.","og_url":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/","og_site_name":"WebHi Tutorials &amp; Documentations","article_publisher":"https:\/\/www.facebook.com\/webhi.technology","article_published_time":"2022-07-18T17:27:34+00:00","article_modified_time":"2022-07-20T21:43:40+00:00","og_image":[{"url":"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/apache_lets_encrypt_deb_en.jpg"}],"author":"webhi","twitter_card":"summary_large_image","twitter_creator":"@WebHiTechnology","twitter_site":"@WebHiTechnology","twitter_misc":{"Written by":"webhi","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#article","isPartOf":{"@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/"},"author":{"name":"webhi","@id":"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/b31e76e2311cdc0bb90f5e2733059a54"},"headline":"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu","datePublished":"2022-07-18T17:27:34+00:00","dateModified":"2022-07-20T21:43:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/"},"wordCount":1181,"commentCount":0,"publisher":{"@id":"https:\/\/www.webhi.com\/how-to\/#organization"},"articleSection":["SSL Certificate","Web servers"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/","url":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/","name":"How To Secure Apache with Let's Encrypt on Ubuntu WebHi Tutorial","isPartOf":{"@id":"https:\/\/www.webhi.com\/how-to\/#website"},"datePublished":"2022-07-18T17:27:34+00:00","dateModified":"2022-07-20T21:43:40+00:00","description":"In this guide, will use Certbot to obtain a free SSL certificate for Apache on Ubuntu and auto certificate renew.","breadcrumb":{"@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.webhi.com\/how-to\/how-to-secure-apache-with-lets-encrypt-on-ubuntu-debian\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.webhi.com\/how-to\/"},{"@type":"ListItem","position":2,"name":"How To Secure Apache with Let&#8217;s Encrypt on Ubuntu"}]},{"@type":"WebSite","@id":"https:\/\/www.webhi.com\/how-to\/#website","url":"https:\/\/www.webhi.com\/how-to\/","name":"WebHi Tutorials &amp; Documentations","description":"System administration and knowledge base","publisher":{"@id":"https:\/\/www.webhi.com\/how-to\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.webhi.com\/how-to\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.webhi.com\/how-to\/#organization","name":"WebHi Technology","url":"https:\/\/www.webhi.com\/how-to\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.webhi.com\/how-to\/#\/schema\/logo\/image\/","url":"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/logo.png","contentUrl":"https:\/\/www.webhi.com\/how-to\/gilrogre\/2022\/07\/logo.png","width":288,"height":95,"caption":"WebHi Technology"},"image":{"@id":"https:\/\/www.webhi.com\/how-to\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/webhi.technology","https:\/\/twitter.com\/WebHiTechnology"]},{"@type":"Person","@id":"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/b31e76e2311cdc0bb90f5e2733059a54","name":"webhi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.webhi.com\/how-to\/#\/schema\/person\/image\/","url":"https:\/\/www.webhi.com\/how-to\/ahuphiph\/litespeed\/avatar\/e20da107d0f4c765ead2eef88ad019d8.jpg?ver=1783029557","contentUrl":"https:\/\/www.webhi.com\/how-to\/ahuphiph\/litespeed\/avatar\/e20da107d0f4c765ead2eef88ad019d8.jpg?ver=1783029557","caption":"webhi"},"sameAs":["https:\/\/www.webhi.com\/how-to"],"url":"https:\/\/www.webhi.com\/how-to\/author\/webhi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/posts\/311"}],"collection":[{"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/comments?post=311"}],"version-history":[{"count":38,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/posts\/311\/revisions"}],"predecessor-version":[{"id":1372,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/posts\/311\/revisions\/1372"}],"wp:attachment":[{"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/media?parent=311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/categories?post=311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webhi.com\/how-to\/wp-json\/wp\/v2\/tags?post=311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}