94.2 Apache Web Server LetsEncrypt

20210902

Secure communications to a web server is deployed using SSL to encrypt all communications from a browser to the server (recognised with the https: prefix, whete s is for secure).

Below we enable the ssl module in apache2, configure it and obtain a free SSL certificate from letsencrypt using certbot to deploy the certificate. Note that letsencrypt sends a challenge to http.

$ wajig install apache2 openssl ssl-cert
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
$ sudo snap install core; sudo snap refresh core
$ sudo snap install --classic certbot

$ sudo certbot --apache
  Enter email address
  Agree to the Terms of Service
  Send email address to EFF
  Enter in your domain names

$ sudo certbot renew --dry-run
$ wajig restart apache2

The certificate will be automatically updated through a timer. To list all times use systemctl to list-timers.

systemctl list-timers

Expect to see an entry like:

Fri 2021-09-03 07:17:00 AEST 10h left   n/a    n/a   snap.certbot.renew.timer snap.certbot.renew.service

If the certbot command is not found the it may need to be linked from the installation in the snap bin to the system bin folder

sudo ln -s /snap/bin/certbot /usr/bin/certbot

To manually renew the LetsEncrypt certificate:

sudo certbot renew

---

Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0