Let’s Encrypt on Ubuntu 18.04/Apache

DONG Yuxuan @ May 27, 2020 Asia/Shanghai

Make your old HTTP site served by Apache HTTPd on Ubuntu 18.04 an HTTPS site via the certbot utility from Let’s Encrypt.

Installing certbot

% sudo apt-get update
% sudo apt-get install software-properties-common
% sudo add-apt-repository universe
% sudo add-apt-repository ppa:certbot/certbot
% sudo apt-get update
% sudo apt-get install certbot python3-certbot-apache

Getting a Certificate

Ensure you already have a functional HTTP site (virtualhost).

We have two choices to get a certificate.

  1. sudo certbot certonly --apache gets a certificate for you. When you run it, it asks for some information, including the domain you want to use, your email for notifications, etc.;

  2. sudo certbot --apache gets a certificate and creates an HTTPS Apache virtualhost for you. Besides asking about the domain and email, it also asks whether you want it to change the original HTTP virtualhost to forward requests to the new HTTPS site.

The second command will modify your Apache config files. Since the programmers of certbot are not gods, I personally think it will be dangerous. I recommend the first command. After getting the certificate, you can edit the Apache config files yourself. I wrote a tutorial about it.

Renewing a Certificate

After you get a certificate using certbot, certbot will use crontab or systemd to periodically renew it.

You can also renew certificates manually. You can call certbot renew to renew all the certificates installed on the machine or call certbot --cert-name CERTNAME to renew a specific one.
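One way to confirm that the scheduled renewal described above is actually keeping up, as an added example that is not part of the original post. It assumes certbot's default layout (/etc/letsencrypt/live/NAME/cert.pem) and its default of renewing about 30 days before expiry; the 20-day threshold and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example: detect certificates that certbot's cron/systemd job has
# failed to renew. Assumption: certbot renews about 30 days before expiry,
# so a certificate with fewer than MIN_DAYS (default 20) left is overdue.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"   # certbot's default location

# Return 0 if the certificate file $1 is still valid $2 days from now.
# An unreadable or malformed file also returns non-zero.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Print one status line per certificate directory under $1.
# Return 1 if any certificate has fewer than $2 days left.
check_lineages() {
    dir=$1; min_days=$2; rc=0
    for pem in "$dir"/*/cert.pem; do
        [ -f "$pem" ] || continue
        name=$(basename "$(dirname "$pem")")
        if cert_valid_for_days "$pem" "$min_days"; then
            echo "OK     $name"
        else
            echo "STALE  $name ($(openssl x509 -in "$pem" -noout -enddate 2>&1))"
            rc=1
        fi
    done
    return $rc
}

# Run as root (the live directory is not world-readable):
#   sudo sh check-renewal.sh --run
# The exit status is 1 if anything is stale, so it can feed monitoring.
if [ "${1:-}" = "--run" ]; then
    check_lineages "$LIVE_DIR" "${MIN_DAYS:-20}"
fi
```

A STALE line usually means the scheduled renewal is failing; sudo certbot renew --dry-run exercises the renewal without replacing any certificate.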

Revoking a Certificate

In some cases you may want to remove a certificate. For example, the private key is leaked or you want to migrate to a new server.

According to the official documentation, revoking a certificate is done as follows.

% certbot revoke [--cert-path path | --cert-name name]
% certbot delete --cert-name CERTNAME

If you don’t use delete to remove the certificate completely, it will be renewed automatically at the next renewal event.

However, in my practice certbot revoke will ask whether you want to delete. If you say yes to certbot revoke, it will delete them for you, so you don’t need to call certbot delete.