Secure Apache with a Let's Encrypt certificate

This article describes, in a few steps, how to use Let's Encrypt certificates with Apache.

Note: All steps described below have been tested with Apache 2.2 on Debian 7 and Apache 2.4 on Debian 8.

Prerequisites:

  • Apache2 is installed and configured
  • Git is installed
  • Basic knowledge of Apache configuration
  • root password

Step 1 - Download Let's Encrypt from the official repository

$ git clone https://github.com/letsencrypt/letsencrypt

Step 2 - Stop the Apache service; otherwise the script that generates the certificate will raise an error

sudo systemctl stop apache2  

or

sudo service apache2 stop  

Step 3 - Generate the certificate

$ cd letsencrypt
$ ./letsencrypt-auto certonly -a standalone -d [YOUR_DOMAIN_NAME] --agree-tos --email [YOUR_EMAIL_ADDRESS]

Step 4 - Start the Apache service

sudo systemctl start apache2  

or

sudo service apache2 start  

Step 5 - Tell Apache to use the certificate, for instance in your virtual host configuration file

<IfModule mod_ssl.c>  
    <VirtualHost _default_:443>
        [...]

        SSLEngine on

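        # cert.pem holds only the server certificate; chain.pem holds the intermediates.
        # Apache 2.4.8 and later can instead point SSLCertificateFile at fullchain.pem
        # and omit SSLCertificateChainFile.
        SSLCertificateFile /etc/letsencrypt/live/[YOUR_DOMAIN_NAME]/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/[YOUR_DOMAIN_NAME]/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/[YOUR_DOMAIN_NAME]/chain.pem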

        [...]
    </VirtualHost>
</IfModule>  

Step 6 - Restart Apache so it takes your modifications into account

sudo apachectl graceful  

Step 7 - Enjoy your website with https:// :-)
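
A pre-reload check for the Step 5 directives, as an added example that is not part of the original article: it lints which Let's Encrypt file each SSL directive points at and, when the files are readable and openssl is installed, confirms that the private key matches the certificate. The function names and the example.test sample are assumptions.

```shell
#!/bin/sh
# Added example: lint a vhost's Let's Encrypt SSL directives before reloading Apache.
# Function names, messages and the example.test sample are assumptions of this sketch.
# Print the file argument of the last uncommented occurrence of directive $1 in file $2.
directive_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { p = $2; gsub(/"/, "", p) } END { print p }' "$2"
}

check_le_vhost() {
    conf=$1; rc=0
    cert=$(directive_path SSLCertificateFile "$conf")
    key=$(directive_path SSLCertificateKeyFile "$conf")
    chain=$(directive_path SSLCertificateChainFile "$conf")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: SSLCertificateFile and SSLCertificateKeyFile are both required"
        return 1
    fi
    # Certificate and key must come from the same live/<domain>/ directory.
    if [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
        echo "FAIL: certificate and key are in different directories"; rc=1
    fi
    case "$(basename "$cert")" in
        cert.pem)      # leaf only: intermediates must come from chain.pem
            if [ "$(basename "$chain")" != chain.pem ]; then
                echo "FAIL: cert.pem needs SSLCertificateChainFile .../chain.pem"; rc=1
            fi ;;
        fullchain.pem) # leaf plus intermediates in one file (Apache 2.4.8 and later)
            if [ -n "$chain" ]; then
                echo "FAIL: fullchain.pem holds the chain, drop SSLCertificateChainFile"; rc=1
            fi ;;
        *)  echo "FAIL: expected cert.pem or fullchain.pem as SSLCertificateFile"; rc=1 ;;
    esac
    # If the files are readable here, confirm the key belongs to the certificate.
    if command -v openssl >/dev/null 2>&1 && [ -r "$cert" ] && [ -r "$key" ]; then
        if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != "$(openssl pkey -in "$key" -pubout)" ]; then
            echo "FAIL: private key does not match the certificate"; rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample: the chain directive points at fullchain.pem, so the check fails.
sample=$(mktemp)
printf '%s\n' 'SSLCertificateFile /etc/letsencrypt/live/example.test/cert.pem' \
    'SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem' \
    'SSLCertificateChainFile /etc/letsencrypt/live/example.test/fullchain.pem' > "$sample"
check_le_vhost "$sample" || echo "fix the vhost before running apachectl graceful"
rm -f "$sample"
```

Run it as root against the file edited in Step 5, followed by `apachectl configtest`, before the graceful restart in Step 6.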

In the next post we'll see how to optimize your Apache SSL configuration. (next post here!)

Note: Please be aware that there is a rate limit for certificate issuance - see the Let's Encrypt documentation