If you want to secure your Apache web server, first thing to consider is to install and enable TLS/SSL on your web server. So, you can access your website using https://yourdomain.com. And there is a free service called Lets Encrypt that provide a free trusted SSL certificate for our system. This tutorial is going to show you how to configure Lets Encrypt on Debian 8.
Steps to install Lets Encrypt on Debian 8
Step 1. Install Certbot, the Lets Encrypt Client
Use the following command to add the repository to Debian 8
echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
Now Update Debian
apt update
Finally, install certbot
root@debian-512mb-sgp1-01:~# apt-get install python-certbot-apache -t jessie-backports Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: python-cffi python-ply python-pycparser Use 'apt-get autoremove' to remove them. The following extra packages will be installed: augeas-lenses certbot libaugeas0 libpython2.7 python-acme python-augeas python-certbot python-cffi python-cffi-backend python-configargparse python-cryptography python-dnspython python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-openssl python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-pyicu python-rfc3339 python-setuptools python-six python-tz python-zope.component python-zope.event python-zope.interface Suggested packages: augeas-doc python-certbot-doc augeas-tools python-acme-doc python-certbot-apache-doc python-dev python-cryptography-doc python-cryptography-vectors python-enum34-doc python-funcsigs-doc python-mock-doc python-openssl-doc python-openssl-dbg python-psutil-doc doc-base python-setuptools-doc The following NEW packages will be installed: augeas-lenses certbot libaugeas0 libpython2.7 python-acme python-augeas python-certbot python-certbot-apache python-cffi-backend python-configargparse python-dnspython python-enum34 python-funcsigs python-idna python-ipaddress python-mock python-parsedatetime python-pbr python-psutil python-pyicu python-rfc3339 python-tz python-zope.component python-zope.event python-zope.interface The following packages will be upgraded: python-cffi python-cryptography python-openssl python-pkg-resources python-pyasn1 python-setuptools python-six 7 upgraded, 25 newly installed, 0 to remove and 66 not upgraded. Need to get 3,797 kB of archives. After this operation, 13.3 MB of additional disk space will be used. Do you want to continue? [Y/n]
Step 2. Setup SSL Certificate
Now we are ready to create a new SSL Certificate for our websites. It will read from the virtual hosts file the list of website in our server.
root@debian-512mb-sgp1-01:~# certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: theplanetfootball.com 2: www.theplanetfootball.com ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Follow on screen wizard until it completed. Once completed and no error shown, we can test it. Open web browser and type the following address
https://www.ssllabs.com/ssltest/analyze.html?d=theplanetfootball.com&latest
It will take some times until completed. Once finished, you should see something like this. (Don’t forget to change the domain with yours)
Leave a Reply