How to Install Let’s Encrypt SSL on Apache?

Securing your website with HTTPS is essential for protecting user data and improving search engine rankings. This guide provides a straightforward, step-by-step walkthrough for installing a free Let’s Encrypt SSL certificate on an Apache web server using Certbot. You will learn how to prepare your server, install the necessary software, generate the certificate, and configure automatic renewals to ensure continuous security.

Prerequisites Before Installation

Before beginning the installation process, ensure that your environment meets the following requirements:

Step 1: Install Certbot and the Apache Plugin

Certbot is the official command-line tool used to automate the issuance and renewal of Let’s Encrypt certificates. You need to install Certbot along with its Apache plugin, which helps automate the configuration process.

On Ubuntu or Debian systems, run the following commands:

sudo apt update
sudo apt install certbot python3-certbot-apache

On CentOS, RHEL, or Fedora systems, use the dnf package manager:

sudo dnf install epel-release -y
sudo dnf install certbot python3-certbot-apache -y

Step 2: Obtain and Install the SSL Certificate

Once Certbot is installed, a single command both requests the certificate and configures Apache to use it. The Apache plugin edits your virtual host configuration so that the site is served over HTTPS with the new certificate.

Run the following command, replacing example.com with your actual domain:

sudo certbot --apache -d example.com -d www.example.com

During this process, the terminal will prompt you for an email address for renewal notices and ask you to agree to the terms of service. Certbot will also ask whether you want to redirect all HTTP traffic to HTTPS. It is highly recommended to select the redirect option to ensure all connections to your site are secure.

Step 3: Verify the SSL Installation

After Certbot completes the setup, you should verify that the certificate is working correctly. Open a web browser and navigate to your domain using https://. Look for the padlock icon in the address bar to confirm the secure connection.

You can perform a more technical and thorough analysis by using an external SSL testing tool, such as the SSL Labs Server Test. Input your domain name into the tool to receive a detailed report on your certificate validity, cryptographic protocols, and overall security score.

Step 4: Set Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. Certbot automatically sets up a scheduled background job (a cron job or a systemd timer) to check for expiring certificates and renew them before they lapse.

To ensure that the automatic renewal system is functioning properly, you can perform a dry run test with the following command:

sudo certbot renew --dry-run

If the command completes without errors, your server is fully configured to renew its SSL certificates automatically, requiring no further manual intervention.
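
A dry run only proves that renewal works today, so it helps to also watch the remaining lifetime of each certificate. The script below is an added example, not part of the original guide or of Certbot: it reads the text printed by sudo certbot certificates and lists every certificate that is invalid or has fewer days left than a threshold. The function names, the sample listing (constructed) and the 20-day threshold are assumptions; the threshold is chosen to sit below the point at which Certbot normally renews.

```shell
#!/bin/sh
# Added example: flag certificates whose automatic renewal appears to have stalled.
# Input is the text printed by `sudo certbot certificates`, read from stdin.

# Constructed sample listing so the script runs offline (not real certificates).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-11 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# stale_certs MIN_DAYS: print "name<TAB>reason" for each certificate that is
# invalid or has fewer than MIN_DAYS days of validity left.
stale_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # The status is the parenthesised suffix, e.g. "(VALID: 61 days)".
            status = substr($0, index($0, "(") + 1)
            sub(/\)[ \t]*$/, "", status)
            if (status ~ /^INVALID/) {
                printf "%s\t%s\n", name, status
            } else if (status ~ /hour/) {
                # Less than one day of validity left.
                printf "%s\t%s\n", name, "expires within a day"
            } else {
                n = status
                sub(/^VALID: */, "", n)   # "12 days"
                sub(/ .*$/, "", n)        # "12"
                if (n + 0 < min + 0) printf "%s\t%s days left\n", name, n
            }
        }
    '
}

# Demo on the constructed sample with the assumed 20-day threshold.
sample_output | stale_certs 20
```

On a real server, replace the last line with sudo certbot certificates | stale_certs 20 and alert whenever the output is not empty.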