How to Install Apache and Secure with Let’s Encrypt Certificate?

Let’s learn how to install the Apache HTTP server and secure that with the Let’s Encrypt Certificate.

Introduction

Apache is one of the most widely used HTTP web servers. Setting up the apache and securing it with an SSL cert is the first step you need to do for your web applications.

In this tutorial, you will learn how to set up Apache for your website on Ubuntu and CentOS. I’ve tested this on DigitalOcean VM.

For the demonstration purpose. I’m going to use the test domain name test.sanakil.xyz, which is supercharged by Cloudflare.

Don’t forget to replace the test.sanakil.xyz domain with your actual domain. 📢

DNS Record Creation

Login to Cloudflare or your domain registrar (if not Cloudflare) and create an A record to point the domain to the cloud VM’s IP.

Log in to your cloud server via SSH.

Installing Apache(Ubuntu)

To update the available packages up-to-date

sudo apt-get update

Install apache

sudo apt-get install apache2

Allow ports 80 and 443 in your firewall for the HTTP server.

sudo ufw allow 'Apache Full'

Check that your installed apache running correctly

sudo systemctl status apache2

Installing Apache(CentOS)

Update the available packages up-to-date.

sudo yum update

Install Apache

sudo yum install httpd

Add ports 80 and 443 in the firewall to access the web app.

sudo firewall-cmd --permanent --add-service=http

sudo firewall-cmd --permanent --add-service=https

sudo firewall-cmd --reload

Start apache and check the running status

sudo systemctl start httpd

sudo systemctl status httpd

Create VirtualHost for the website

A virtual host can be created in two ways depending upon which type of web app/ website we serve.

Suppose the application already has a web server like Node running on a port. We can use a proxy to serve it in apache. Or if the app is just serving the files like static sites. We can specify the path of the application to serve in apache.

Create a Virtual host file in apache – the configuration file can be in any name. But keeping it with the domain name which we are going to serve the web app will be better for easy identification.

Additional setup for CentOS

In CentOS(SELinux), not everything is enabled by default like Ubuntu.

We have to create sites-enabled and sites-available folders in apache.

sites-enabled – tells apache to serve visitor with the conf files in it

sites-available – store the virtual host conf files

sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled

Now tell the apache to read the conf file in the sites-enabled folder.

sudo vi /etc/httpd/conf/httpd.conf

Add the below line at the end of the file

IncludeOptional sites-enabled/*.conf

Configure Apache to serve files

• Create a folder for serving your web app

sudo mkdir -p /var/www/test.sanakil.xyz/webapp

sudo vi /var/www/test.sanakil.xyz/webapp/index.html

• Paste the below HTML snippet for testing

<!DOCTYPE html>
<html lang="en">
<head>
<title>Apache webapp</title>
</head>
<body>
<h1>My Apache webapp is working in test.sanakil.xyz</h1>
</body>
</html>

• Create a folder to generate and store logs

sudo mkdir -p /var/www/test.sanakil.xyz/log
sudo touch /var/www/test.sanakil.xyz/request.log
sudo touch /var/www/test.sanakil.xyz/log/error.log

• Open conf file(Ubuntu)

sudo vi /etc/apache2/sites-available/test.sanakil.xyz.conf

sudo vi /etc/httpd/sites-available/test.sankil.xyz.conf

<VirtualHost *:80>
ServerName test.sanakil.xyz
ServerAlias test.sanaki.xyz
DocumentRoot /var/www/test.sanakil.xyz/webapp
ErrorLog /var/www/test.sankil.xyz/log/error.log
CustomLog /var/www/test.sanakil.xyz/log/requests.log combined
</VirtualHost>

sudo chown -R $USER:$USER /var/www/test.sanakil.xyz

sudo chmod -R 755 /var/www/test.sanakil.xyz

sudo a2ensite test.sanakil.xyz.conf

sudo a2dissite 000-default.conf

sudo systemctl restart apache2

Create a symbolic link for apache

sudo ln -s /etc/httpd/sites-available/test.sanakil.xyz.conf 
/etc/httpd/sites-enabled/test.sanakil.xyz.conf

Restart apache to make changes to take effect.

sudo systemctl restart httpd

Enabling HTTPS

Enabling HTTPS in apache webserver in Ubuntu has been made easy by using certbot and Let’s Encrypt. 

Let’s Encrypt is a non-profit organization which provided SSL certificate for millions of website free.

Certbot is software that will automatically set up HTTPS for our website using let’s encrypt.

Add and install certbot for apache(Ubuntu)

sudo add-apt-repository ppa:certbot/certbot

sudo apt install python-certbot-apache

Add and install certbot for apache(CentOS)

sudo yum install epel-release

sudo yum install certbot python2-certbot-apache mod_ssl

Get SSL certificate

sudo certbot --apache -d your-domain-name

If all the verification is done by certbot without any issues.

It will ask for HTTPS redirection. Select option 2 and enter.

That’s it.

If everything works correctly, https://test.sanakil.xyz will show a basic HTML index page that we have created.

Conclusion

I hope this gives you an idea about installing and implement an SSL certificate on Apache.

Next, find out how to implement a certificate in Nginx.