Install Certbot on Ubuntu 22.04 With Apache

By Jennifer Mathew

Updated on Feb 19, 2024

In this tutorial, we'll explain how to install Certbot on Ubuntu 22.04 with Apache. We're securing the Apache using Let’s Encrypt SSL certificates.

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS. We can install SSL using command-line interface.

Let's Encrypt is a Certificate Authority (CA) that provides SSL/TLS encryption at no charges and the certificate is valid for 90 days, duing which renewal can take place at any time.

Prerequisites

  • A Ubuntu 22.04 and Apache installed dedicated server or cloud server with root or non-root access (for non-root, use "sudo").
  • Registered domain that you wish to get the certificate.
  • A DNS A record that points your domain to the public IP address of the server.

Install Certbot on Ubuntu With Apache

1. Keep server up-to-date

apt update -y

2. Install Certbot Apache Package

apt install certbot python3-certbot-apache -y

3. Obtaining a Certificate

Obtain a certificate using certbot command. The Apache plugin will take care of reconfiguring Apache and reloading the config.

certbot --apache -d yoursite.com -d www.yousite.com

By running certbot first time, you will be prompted to enter an email address and agree to the terms of service. Next, Certbot will communicate with Let's Encrypt server.

Once, it deploy the SSL certificate, it will display similar output:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yousite.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yousite.com/privkey.pem
This certificate expires on 2024-05-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for yousite.com to /etc/apache2/sites-available/yousite.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://yousite.com

4. Verify Certbot Auto-renewal

Verify that the Certbot's auto renewal service is active and running. The certbot package we installed takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration.

You can query the status of the timer with systemctl:

systemctl status certbot.timer

Similar output will be print on the console:

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Sun 2024-02-18 11:41:26 UTC; 6min ago
    Trigger: Sun 2024-02-18 14:08:16 UTC; 2h 19min left
   Triggers: ● certbot.service

Feb 18 11:41:26 yousite.com systemd[1]: Started Run certbot twice daily.

5. Test automatic renewal

Certbot comes with a cron job or systemd timer that will renew your certificates automatically before they expire.

Let's test automatic renewal for our certificates by running this command:

certbot renew --dry-run

Similar output will print:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/squid.hnxcloud.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for squid.hnxcloud.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/squid.hnxcloud.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5. Confirm SSL certificate

To confirm that our site is set up properly, visit https://yoursite.com/ in your browser and look for the lock icon in the URL bar

That's it. We have seen how to install Certbot on Ubuntu 22.04 with Apache.