How To Secure Apache with Let’s Encrypt on Debian 10

Last updated on August 10th, 2020 at 03:05 am

Let’s Encrypt is a free SSL/TLS certificate provider that allows you to easily secure your website. Here’s how to secure Apache with Let’s Encrypt on Debian 10.


Here are the steps to secure Apache with Let’s Encrypt on Debian 10, Debian 9 and Ubuntu Linux.


1. Install Certbot

Let’s Encrypt provides a tool called Certbot that automatically obtains and renews Let’s Encrypt SSL certificates.

Open a terminal and run the following commands:

sudo apt update
sudo apt install certbot

2. Setup SSL Configuration in Apache

Certbot needs to find a ServerName directive that matches the domain for which you are obtaining an SSL certificate. Let’s say you want to obtain an SSL certificate for domain. Open the virtual host configuration file for your domain:

$ sudo vi /etc/apache2/sites-available/

Ensure that ServerName directive points to your domain (


Reload Apache to apply the change

$ sudo systemctl reload apache2


Before proceeding further, please ensure that you have allowed HTTPS traffic in your firewall for port 443.

3. Obtain SSL Certificate

Run the following command to obtain a single SSL certificate for both and, from the same directory that contains your virtual host file (/etc/apache2/sites-available/)

$ sudo certbot certonly --agree-tos --email -d -d

In the above command, replace with your website administrator’s email address.

Certbot will begin communicating with the Let’s Encrypt server to get the SSL certificate. The certificate is issued after a security challenge verifies that you actually control the domain for which you are requesting it.

If the SSL certificate is obtained successfully, you will see the following message:

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-12-04. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

4. Update Virtual Host Configuration File

The above message contains the paths to your SSL certificate and key files. Open the virtual host configuration file to add these paths.

$ sudo vi /etc/apache2/sites-available/


Add the following lines inside the <VirtualHost *:443> block, before the closing </VirtualHost> line.

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/


Your VirtualHost block will look something like this

<VirtualHost *:443>

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/
  SSLCertificateKeyFile /etc/letsencrypt/live/

</VirtualHost>

5. Test Apache Configuration and Restart Server

Run the following command to test Apache server configuration

$ sudo apachectl configtest

If you don’t see any errors, restart the Apache web server.

$ sudo service apache2 restart

You have now installed the Let’s Encrypt SSL certificate in the Apache web server. Open a browser and visit the https:// version of your domain (e.g

You will see a lock symbol next to the URL in the browser’s address bar, indicating that your website’s SSL/TLS certificate is working properly.
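The virtual host edit from step 4 can be linted before `apachectl configtest` is run. The script below is an added example, not part of the original tutorial; `check_ssl_vhost`, `write_samples`, `example.com` and the `fullchain.pem`/`privkey.pem` file names are assumptions, since the paths on this page are truncated. The directory comparison is a heuristic: a certificate and key taken from different directories under /etc/letsencrypt/live/ usually belong to different certificates.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Lints an Apache vhost file:
# every <VirtualHost ...:443> block must carry the three directives from step 4.
check_ssl_vhost() {
  awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, start, msg; bad = 1 }
    /^[ \t]*#/ { next }                      # ignore comment lines
    { line = tolower($0) }                   # Apache directive names are case-insensitive
    line ~ /^[ \t]*<virtualhost[ \t].*:443[ \t>]/ {
      in443 = 1; start = NR; engine = 0; cert = ""; key = ""; next
    }
    in443 && line ~ /^[ \t]*sslengine[ \t]+on[ \t]*$/   { engine = 1 }
    in443 && line ~ /^[ \t]*sslcertificatefile[ \t]/    { cert = $2 }
    in443 && line ~ /^[ \t]*sslcertificatekeyfile[ \t]/ { key = $2 }
    in443 && line ~ /^[ \t]*<\/virtualhost>/ {
      if (!engine)    report("SSLEngine On is missing")
      if (cert == "") report("SSLCertificateFile is missing")
      if (key == "")  report("SSLCertificateKeyFile is missing")
      cdir = cert; sub("/[^/]*$", "", cdir)  # directory part of each path
      kdir = key;  sub("/[^/]*$", "", kdir)
      if (cert != "" && key != "" && cdir != kdir)
        report("certificate and key are in different directories")
      in443 = 0
    }
    END { if (in443) report("</VirtualHost> is missing"); exit bad + 0 }
  ' "$1"
}

# Constructed sample input; example.com and the .pem names are placeholders.
write_samples() {
  cat > "$1/good.conf" <<'EOF'
<VirtualHost *:443>
  ServerName example.com
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
EOF
  cat > "$1/bad.conf" <<'EOF'
<VirtualHost *:443>
  ServerName example.com
  sslcertificatefile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
</VirtualHost>
EOF
}
```

Call `check_ssl_vhost` with the path of your own virtual host file; it prints one line per problem and returns a non-zero status if any *:443 block is incomplete.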

Hopefully, you can now secure Apache with a Let’s Encrypt SSL certificate on Debian/Ubuntu as well as other Linux systems.

