Secure Apache with SSL

 











Step 1 – Installing Certbot

In order to obtain an SSL certificate with Let’s Encrypt, we’ll first need to install the Certbot software on your server. We’ll use the default Ubuntu package repositories for that.

We need two packages: certbot, and python3-certbot-apache. The latter is a plugin that integrates Certbot with Apache, making it possible to automate obtaining a certificate and configuring HTTPS within your web server with a single command.

sandip@my-lab:~$ sudo apt install certbot python3-certbot-apache

 

You will be prompted to confirm the installation by pressing Y, then ENTER.

Certbot is now installed on your server. In the next step, we’ll verify Apache’s configuration to make sure your virtual host is set appropriately. This will ensure that the certbot client script will be able to detect your domains and reconfigure your web server to use your newly generated SSL

 

Step 2 – Obtaining an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration whenever necessary. To use this plugin, type the following:

sandip@my-lab:~$ sudo certbot --apache

 This script will prompt you to answer a series of questions in order to configure your SSL certificate. First, it will ask you for a valid e-mail address. This email will be used for renewal notifications and security notices:

After providing a valid e-mail address, hit ENTER to proceed to the next step. You will then be prompted to confirm if you agree to Let’s Encrypt terms of service. You can confirm by pressing A and then ENTER:


Next, you’ll be asked if you would like to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, type N. Otherwise, type Y. Then, hit ENTER to proceed to the next step.


The next step will prompt you to inform Certbot of which domains you’d like to activate HTTPS for. The listed domain names are automatically obtained from your Apache virtual host configuration, that’s why it’s important to make sure you have the correct ServerName and ServerAlias settings configured in your virtual host. If you’d like to enable HTTPS for all listed domain names (recommended), you can leave the prompt blank and hit ENTER to proceed. Otherwise, select the domains you want to enable HTTPS for by listing each appropriate number, separated by commas and/ or spaces, then hit ENTER.

Your certificate is now installed and loaded into Apache’s configuration. Try reloading your website using https://admission.sherubtse.edu.bt and notice your browser’s security indicator. It should point out that your site is properly secured, typically by including a lock icon in the address bar.

 

Step 3 – Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process, as well as to ensure that misused certificates or stolen keys will expire sooner rather than later.

The certbot package we installed takes care of renewals by including a renew script to /etc/cron.d, which is managed by a systemctl service called certbot.timer. This script runs twice a day and will automatically renew any certificate that’s within thirty days of expiration.

To check the status of this service and make sure it’s active and running, you can use:

sandip@my-lab:~$ sudo systemctl status certbot.timer


Comments

Post a Comment

Popular posts from this blog

Install Moodle 4.3 on Ubuntu 23.10

Image
Moodle, an acronym for Modular Object-Oriented Dynamic Learning Environment, is a robust open-source platform designed to facilitate online learning and course management. Developed by Martin Dougiamas in 2002, Moodle has evolved into one of the most widely used Learning Management Systems (LMS) globally. Whether you are an educator, administrator, or learner, Moodle offers a robust and flexible environment for creating and participating in online courses. In this tutorial, we will learn how to install Moodle 4.3 with the following specifications: ·          Virtual Cloud Server:  1 CPU, 1 GB RAM, 32 GB Storage ·          Operating System:  Ubuntu 22.04 LTS ·          Subdomain:  admission.sherubtse.edu.bt ·          SSL:  Let’s Encrypt ·          Web Server:...
Read more

Activate window and MS-Office with PowerShell

Image
Step 1: Open PowerShell as Administrator Press the Windows +R key on your keyboard. Type  powershell .                    2.  Right-click Windows PowerShell and choose:           👉 "Run as administrator"               3.   If prompted by the system, click Yes to allow changes.               Step 2: Copy and Paste the Command In the PowerShell window that opens, type or copy-paste this command: C:\Users\San_Deep> irm https://get.activated.win |iex Then press Enter . click 5 on your keyboard to Activate Online using KMS for both window and Office To activate only window, click 1 . And same for activation office only, Click 2 . Otherwise click 4 to activate both office and Window. Step 3:  The script will run. It may show progress bars or status messages like: "Checking Windows version...
Read more

GNS3 installation in Linux

Image
 GNS3 Installation in Linux These instructions are for Ubuntu and all distributions based on it (like Linux Mint).        sandip@MyLap:~$ sudo add-apt-repository ppa:gns3/ppa      sandip@MyLap:~$ sudo apt update      sandip@MyLap:~$ sudo apt install gns3-gui gns3-server (when prompted whether non-root users should be allowed to use wireshark and ubridge, select ‘Yes’ both times) If you want IOU support      sandip@MyLap:~$ sudo dpkg --add-architecture i386      sandip@MyLap:~$ sudo apt update      sandip@MyLap:~$ sudo apt install gns3-iou Install the following packages:      sandip@MyLap:~$ sudo apt-get install apt-transport-https ca-certificates curl software-properties-                common   Import the official Docker GPG key:      sandip@MyLap:~$ curl -fsSL https://download.docker.co...
Read more