Install Free Powerful SSL Certificate for Apache Server in Ubuntu 20.04 Lets Encrypt

One of the important SEO factor is website is hosted upon https rather than http. It is only possible after installing a valid SSL certificate. SSL certificate are bit expensive and bit complex also to install. And website owners who have just started their web application find bit tough to pay this extra cost. Luckily Let’s encrypt provides free valid SSL certificate to install in a website.

Why SSL Certificate is essential?

SSL certificates are essential because it encrypts data before sending data to the server and after sending data from the server. Before SSL encryption, the data used to be neat and crystal clear. So hackers managed to steal data while transfering data to the server and from server. But with SSL, the data is still visible to hackers but now they are in encrypted form. That is why SSL Certificate is so essential.

And also, Search engines like Google, Bing prioritize those sites in their search result which has valid SSL encryption is on.

Free vs Paid SSL Certificate

People often think if free SSL certificate is available then why paid SSL certificate are purchased! And the reason is free ssl certificate only encrypts data. There is no 100% guarantee that data are protected. There is no insurance money involved with free ssl certificate. Where as paid certificate has many extra features including good insurance money if website gets hacked.

Install SSL Certificate

Lets install the free ssl certificate from lets encrypt. First of all, keep in mind, ssl certificate is not installed per cloud hosting account. We must have to install for every domain, added domain and added sub domains. If I have 6 domains and 4 sub domains in my cloud hosting account then I must have to install ten different ssl certificates.(And yes all ten would be free. Not a single penny we are required to pay.)

Login using putty software with non-root user and password that has super user privileges.(If you no idea about it, then check second chapter of this tutorial series. All the chapter list are present below this article).

Certbot is a kind of bot which installs valid SSL certificate and it is from Let’s encrypt company. So it means, we are required to install certbot. Along with certbot, we are also going to install python-certbot-apache.

Use following command to update the updates and install both the softwares.

test@tester:~$ sudo apt update && sudo apt install certbot python-certbot-apache

If you encounter an error, then use following command.(Note: Run below command only if you encounter error for the above command).

test@tester:~$ sudo apt update && sudo apt install certbot python3-certbot-apache

Now its time to install the certificate.

test@tester:~$ sudo certbot –apache

Then it will ask for your email address. Provide one which you use often and want to receive email related to your website security and other related informationn.

Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel):

Then it will show its terms and conditions link. If you want you can read.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
——————————————————————————-
(A)gree/(C)ancel:

Then press A and enter.

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
——————————————————————————-
(Y)es/(N)o:

Press N and enter. (For any reason if you want to share your email id then press y and then enter)

Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: gyanol.com
2: www.gyanol.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):

Note: Here it will list all the available domain and sub domains available in the current server. If you can not see your domain name or sub domain name then it means you have not properly created configuration file for the domain or sub domain. (Chapter 10 to 12 is about adding domain and sub domains with required valid config file. All the chapter list is below the article)

Carefully type the number of the domain that you want to install the ssl certificate for and then press enter. Then following result will appear.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/gyanol.com-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/gyanol.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/gyanol.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

At this point, ssl certificate is successfully installed. Now it is asking to select an option between http or https version of your website.

When we install ssl certificate the website can be accessed with both http and https. But it is wise to forcefully redirect all http visit to https.

Therefore type 2 for second option – Redirect – Make all requests redirect …..

and then press enter.

Thats it. SSL certificate is successfully installed.

Note: This ssl certificate is only valid for 90 days. So every 90 days you have to check and by following above steps you need to install fresh copy of ssl.

You can repeat above steps for your rest of sub domains or domains.

Conclusion

I hope you have understood how to install free ssl certificate from lets encrypt for Apache Server in Ubuntu 20.04