For some reason, I can never remember these certbot commands. Bookmarked! –raindog308
Introduction
Debian, Apache, Certbot, and Let’s Encrypt are frequently used for websites. A problem for beginners, though, is that it’s hard to find simple, clear instructions about how to do the setup. The much needed, simple recipe is given here. In just a few minutes, we can set up a basic website which is served over a secure connection.
After listing the simple recipe, we discuss how hard it was to find it. Then we go through and explain the recipe, step by step, ending with a working server which has a valid Let’s Encrypt certificate.
The Simple Recipe
Here’s the recipe. Just 4 steps:
root@vaporvps ~ # apt-get update
root@vaporvps ~ # apt-get upgrade
root@vaporvps ~ # apt-get install apache2 certbot python3-certbot-apache
root@vaporvps ~ # certbot --apache
Finding The Recipe Is Hard
To see how hard it is for a beginner to find the recipe, let’s check a few places where it seems reasonable to look. Let’s first check the Debian Wiki’s Let’s Encrypt page. This page doesn’t cover Debian’s current version, 11. Also, the page doesn’t clearly show the needed install commands.
If we check the Let’s Encrypt Getting Started page, we are told to visit the Certbot site to get customized instructions. On the linked Certbot page, Debian 11 is not included in the list of possible choices.
When we do find instructions they often suggest snapd. Snapd is controversial. A lot of people do not like snapd because of its autoupdate feature and for other reasons.
Since simple, clear instructions are so hard to find, I decided to put the recipe here on Low End Box. Let’s go install Apache and Certbot! We’ll have a functioning website with a Let’s Encrypt certificate in just a few monutes:
Stepping Through The Installation Recipe
First, update the OS:
root@vaporvps ~ # apt-get update
[ , , , [
root@vaporvps ~ # apt-get upgrade
[ , , , ]
root@vaporvps ~ #
Next, install Apache, Certbot, and the Certbot extensions for Apache.
root@vaporvps ~ # apt-get install apache2 certbot python3-certbot-apache
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
apache2-bin apache2-data apache2-utils augeas-lenses libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 liblua5.3-0 python3-acme
python3-augeas python3-certbot python3-cffi-backend python3-configargparse
python3-configobj python3-cryptography python3-distro python3-josepy
python3-openssl python3-parsedatetime python3-requests-toolbelt python3-rfc3339
python3-tz python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
Suggested packages:
apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser
augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools python-acme-doc
python-certbot-apache-doc python-configobj-doc python-cryptography-doc
python3-cryptography-vectors python-openssl-doc python3-openssl-dbg
Recommended packages:
ssl-cert python3-icu
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils augeas-lenses certbot libapr1
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 liblua5.3-0
python3-acme python3-augeas python3-certbot python3-certbot-apache
python3-cffi-backend python3-configargparse python3-configobj
python3-cryptography python3-distro python3-josepy python3-openssl
python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-tz
python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
0 upgraded, 31 newly installed, 0 to remove and 1 not upgraded.
Need to get 4,403 kB of archives.
After this operation, 16.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
[ . . . ]
root@vaporvps ~ #
It’s amazing how many packages get installed! 🤩
We can see that apache is working by visiting our server’s numerical IP address at http://$Server_IP. Of course, it’s not time for https yet! We have to get the certificate.
Get the certificate!
Run this simple command. Answer the questions as they are asked.
root@vaporvps ~ # certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): Not_Oles@metalvps.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let’s Encrypt project and the non-profit organization that
develops Certbot? We’d like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y
Account registered.
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): vaporvps.com
Requesting a certificate for vaporvps.com
Performing the following challenges:
http-01 challenge for vaporvps.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://vaporvps.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Subscribe to the EFF mailing list (email: Not_Oles@metalvps.com).
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/vaporvps.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/vaporvps.com/privkey.pem
Your certificate will expire on 2022-09-06. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the “certonly” option. To non-interactively
renew *all* of your certificates, run “certbot renew”
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@vaporvps ~ #
Did It Work?
Let’s visit https://vaporvps.com and check the security certificate. It’s valid!
Replace The index.html File With Our Own Code
We can replace the Apache2 Debian Default page with our own code. Now we have a basic website served from our VPS through a secure connection.
Notes
No idea why the email wasn’t accepted. It’s always worked before. Maybe because it’s already subscribed.
Related Posts:
My Low End Adventures started here at LowEndBox, when just a few years back, I found the perfect deal on a dedicated server from OVH!
These days I own my own gorgeous antique server named Darkstar. She is colocated in Dallas, Texas USA at LevelOneServers.com.
Besides writing for LowEndBox, helping as a moderator at LowEndTalk and running Darkstar, I'm trying to learn a little about programming and networking.
All these years, and, still, so much more to learn! So many people here who can teach me!
It's very, very fun here on the Low End, isn't it? :)
- HostSailor Greenhouse (NL) Fujitsu Primergy Dedicated Server Review - October 23, 2022
- How Much Faster Is Making A Tar Archive Without Gzip? - October 7, 2022
- How To Move Your Site To Oracle Cloud Free Tier With scp(1) - September 29, 2022
Leave a Reply