
Securing Apache with SSL

SSL or Secure Sockets Layer is a protocol to negotiate a secure tunnel over the public Web.
One of the many protocols that can be transported through this secure tunnel is HTTP (HyperText Transfer Protocol).
In the old days, getting HTTPS working on your Apache server was a PITA involving generating Certs, enabling modules on Apache, and setting up Virtual Servers.
These days, our friends at Let’s Encrypt (an awesome nonprofit) have made things very easy for us, footing the bill to host Certificate Validation Services as well as writing Python scripts to enable HTTPS on our server.
To start with, you need:
1. A working Apache2 Linux web server.
2. A connection to the internet.
3. Python3.
You should be able to validate 1 and 2 by hitting your website using the HTTP prefix from a cell phone or other device not on your local LAN.
If that is good, then open an SSH or console session to your server (from Linux: ssh user@serverIP). From there, type python and press Enter. If you get a prompt that looks like this: >>> , then you should be good. The version of Python should be shown above this prompt. You’ll want 3.X. If the version is not shown, type:
import sys [Enter]
print(sys.version)[Enter]
That will definitely give you the python version.
OK then. Moving on.
First step is to install Certbot. This is the cool utility from Let’s Encrypt that gens a cert, installs it, and configures your virtual server for you! Pretty neat.
To do that type:
sudo apt-get install certbot
Note: The command above worked for me on Debian. If you are on Ubuntu, and don’t have the certbot repo installed, you can try this:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
Next, we’ll need certbot to create the cert, and then reach out to Let’s Encrypt to have it signed.
sudo certbot --apache -d yourdomain.com
(Replace yourdomain.com with your actual domain name.)
 
NOTE: In the current version of Certbot (as of 2/8/2018) there is an issue with authentication methods to Let’s Encrypt. This will be remediated in the next version of Certbot. Until then, the following command worked for me for Apache2:
sudo certbot --authenticator webroot --installer apache \
  --webroot-path /var/www/html -d yourdomain.com
You’ll be prompted with many questions to generate the cert. Once it’s done, you should be able to see it on your local system here:
/etc/letsencrypt/live
That’s It!
Your site should now be available using HTTPS. Please note that these certs are only valid for 90 days, but certbot autorenews them for you using a cron job.
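Because the certs last only 90 days, it is worth confirming that the renewal job is really keeping up. The script below is an added example, not part of the original post or of Certbot: it reads the expiry date of every cert.pem under /etc/letsencrypt/live and flags any that are close to expiring. It assumes GNU date and the openssl command; the 21-day WARN_DAYS threshold is an assumption, chosen to sit below the 30 days remaining at which Certbot attempts renewal by default.

```shell
#!/bin/sh
# Added example (not from the original post): report how close each
# certbot-managed certificate is to expiry. Assumes GNU date and openssl.

LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}   # directory named in the article
WARN_DAYS=${WARN_DAYS:-21}                    # assumed alert threshold, in days

# days_left "<notAfter text>" [now_epoch]
# Prints whole days until expiry, rounded down (negative once expired).
days_left() (
    not_after=${1#notAfter=}
    now=${2:-$(date +%s)}
    end=$(date -u -d "$not_after" +%s) || exit 2
    diff=$(( end - now ))
    if [ "$diff" -lt 0 ]; then
        # Shell division truncates toward zero; round away so -1h gives -1.
        echo $(( 0 - ( (0 - diff + 86399) / 86400 ) ))
    else
        echo $(( diff / 86400 ))
    fi
)

# cert_status <days_left>  ->  OK | RENEWAL_OVERDUE | EXPIRED
cert_status() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$WARN_DAYS" ]; then echo RENEWAL_OVERDUE
    else echo OK
    fi
}

# check_all: one line per certificate; exit status 1 if any is not OK.
check_all() (
    rc=0
    for pem in "$LIVE_DIR"/*/cert.pem; do
        [ -e "$pem" ] || continue
        line=$(openssl x509 -in "$pem" -noout -enddate) || { rc=1; continue; }
        days=$(days_left "$line") || { rc=1; continue; }
        status=$(cert_status "$days")
        printf '%-16s %4s days  %s\n' "$status" "$days" "$pem"
        [ "$status" = OK ] || rc=1
    done
    exit "$rc"
)

# Run the check only when asked, e.g. from cron: sh certcheck.sh check
if [ "${1:-}" = check ]; then check_all; fi
```

Run it with sudo if /etc/letsencrypt/live is not readable by your user. The non-zero exit status on any RENEWAL_OVERDUE or EXPIRED line makes it usable from cron or a monitoring check.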
 
 
