LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Four Step VPS Webserver: Debian, Apache, Certbot, And Let's Encrypt!

For some reason, I can never remember these certbot commands.  Bookmarked!  –raindog308


Introduction


Debian, Apache, Certbot, and Let’s Encrypt are frequently used for websites. A problem for beginners, though, is that it’s hard to find simple, clear instructions about how to do the setup. The much needed, simple recipe is given here. In just a few minutes, we can set up a basic website which is served over a secure connection.

After listing the simple recipe, we discuss how hard it was to find it. Then we go through and explain the recipe, step by step, ending with a working server which has a valid Let’s Encrypt certificate.

The Simple Recipe

Here’s the recipe. Just 4 steps:

root@vaporvps ~ # apt-get update
root@vaporvps ~ # apt-get upgrade
root@vaporvps ~ # apt-get install apache2 certbot python3-certbot-apache
root@vaporvps ~ # certbot --apache

Finding The Recipe Is Hard

To see how hard it is for a beginner to find the recipe, let’s check a few places where it seems reasonable to look. Let’s first check the Debian Wiki’s Let’s Encrypt page. This page doesn’t cover Debian’s current version, 11. Also, the page doesn’t clearly show the needed install commands.

If we check the Let’s Encrypt Getting Started page, we are told to visit the Certbot site to get customized instructions. On the linked Certbot page, Debian 11 is not included in the list of possible choices.


When we do find instructions they often suggest snapd. Snapd is controversial. A lot of people do not like snapd because of its autoupdate feature and for other reasons.

Since simple, clear instructions are so hard to find, I decided to put the recipe here on Low End Box. Let’s go install Apache and Certbot! We’ll have a functioning website with a Let’s Encrypt certificate in just a few minutes.

Stepping Through The Installation Recipe

First, update the OS:

root@vaporvps ~ # apt-get update

[ . . . ]

root@vaporvps ~ # apt-get upgrade

[ . . . ]

root@vaporvps ~ #

Next, install Apache, Certbot, and the Certbot extensions for Apache.

root@vaporvps ~ # apt-get install apache2 certbot python3-certbot-apache
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
apache2-bin apache2-data apache2-utils augeas-lenses libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 liblua5.3-0 python3-acme
python3-augeas python3-certbot python3-cffi-backend python3-configargparse
python3-configobj python3-cryptography python3-distro python3-josepy
python3-openssl python3-parsedatetime python3-requests-toolbelt python3-rfc3339
python3-tz python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
Suggested packages:
apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser
augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools python-acme-doc
python-certbot-apache-doc python-configobj-doc python-cryptography-doc
python3-cryptography-vectors python-openssl-doc python3-openssl-dbg
Recommended packages:
ssl-cert python3-icu
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils augeas-lenses certbot libapr1
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libaugeas0 liblua5.3-0
python3-acme python3-augeas python3-certbot python3-certbot-apache
python3-cffi-backend python3-configargparse python3-configobj
python3-cryptography python3-distro python3-josepy python3-openssl
python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-tz
python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
0 upgraded, 31 newly installed, 0 to remove and 1 not upgraded.
Need to get 4,403 kB of archives.
After this operation, 16.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

[ . . . ]

root@vaporvps ~ #

It’s amazing how many packages get installed! 🤩

We can see that Apache is working by visiting our server’s numerical IP address at http://$Server_IP. Of course, it’s not time for https yet! We have to get the certificate.

Get the certificate!

Run this simple command. Answer the questions as they are asked.

root@vaporvps ~ # certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): Not_Oles@metalvps.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): vaporvps.com
Requesting a certificate for vaporvps.com
Performing the following challenges:
http-01 challenge for vaporvps.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://vaporvps.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: Not_Oles@metalvps.com).
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/vaporvps.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/vaporvps.com/privkey.pem
Your certificate will expire on 2022-09-06. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

root@vaporvps ~ #

Did It Work?

Let’s visit https://vaporvps.com and check the security certificate. It’s valid!
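
The same check can be made from the shell against the files certbot reported saving, which also catches a renewal that has quietly stopped working. This is an added example, not part of the original post; the function names and the 25-day threshold are this example's own assumptions, and it needs the openssl command and GNU stat.

```shell
#!/bin/sh
# Added example: offline checks on the files certbot reported saving under
# /etc/letsencrypt/live/<domain>/. Function names are this example's own.

# Exit 0 if the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Exit 0 if the certificate in $1 covers host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Exit 0 if the key file $1 (symlinks followed) grants nothing to group/other.
key_is_private() {
    perms=$(stat -L -c '%a' "$1") || return 1
    case "$perms" in *00) return 0 ;; *) return 1 ;; esac
}

# check_site DOMAIN [LIVE_DIR]: run all three checks; return 0 only if all pass.
check_site() {
    domain=$1
    live="${2:-/etc/letsencrypt/live}/$domain"
    status=0
    cert_matches_host "$live/fullchain.pem" "$domain" ||
        { echo "FAIL: certificate does not cover $domain"; status=1; }
    # Certbot renews once fewer than 30 days remain, so under 25 days left
    # (threshold chosen for this example) means renewal is not succeeding.
    cert_valid_for "$live/fullchain.pem" 25 ||
        { echo "FAIL: certificate expires within 25 days"; status=1; }
    key_is_private "$live/privkey.pem" ||
        { echo "FAIL: privkey.pem is accessible to group or other"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: $domain"
    return "$status"
}

# On the server, as root:  check_site vaporvps.com
# Live renewal checks:     certbot renew --dry-run
#                          systemctl list-timers certbot.timer
```

Running check_site from a daily cron job gives an early warning well before the expiry date printed in the certbot output.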


Replace The index.html File With Our Own Code

We can replace the Apache2 Debian Default page with our own code. Now we have a basic website served from our VPS through a secure connection.


Notes

No idea why the email wasn’t accepted. It’s always worked before. Maybe because it’s already subscribed.



Not_Oles
