Configure Apache with Let’s Encrypt on Ubuntu 22.04

With Let’s Encrypt you can secure your website quickly, efficiently and inexpensively. We will show you how to configure Apache securely on Ubuntu 22.04 using the certificate authority.

The security of a web server is crucial – especially if you run a website where confidential information is processed. Encrypting data transmission is an essential protection mechanism.

The free and widely used certificate authority Let’s Encrypt allows website operators to obtain SSL/TLS certificates for their domains. These certificates, in turn, ensure a secure and encrypted connection between the web server and your website visitors.

We will show you in five steps how to securely configure Apache using Let’s Encrypt on Ubuntu 22.04.

Step 1: Install Apache

Before you can use Let’s Encrypt, make sure Apache is installed on your Ubuntu 22.04 server (to the tutorial). Use the following command to do this:

sudo apt update
sudo apt install apache2

Step 2: Install Let’s Encrypt Certbot

Certbot is a helpful tool that facilitates the setup of SSL/TLS certificates. Install it with the commands below:

sudo apt install certbot python3-certbot-apache

Step 3: Create and configure certificate

After you have installed Certbot, you can create and configure an SSL/TLS certificate for your domain. Replace `example.com` with your own domain:

sudo certbot --apache -d example.com

Certbot guides you through the setup process and automatically creates the required Apache configuration files.

Step 4: Apache restart

After you have created and configured your certificate, you should restart Apache to apply the changes:

sudo systemctl restart apache2

Step 5: Set up automatic certificate renewal

Let’s Encrypt certificates have a limited validity period, usually 90 days. You can set up automatic renewal to ensure that your certificate is always up-to-date. To do this, add the following cron job:

sudo crontab -e

Also add the following line to check Certbot twice a day after expiration and renew if necessary:

0 */12 * * * /usr/bin/certbot renew --quiet