This article will help you setup SSL secure access for own domain using Free LetsEncrypt Certificates to use it over https network which is much secure as compared to http,
LAMP (Linux, Apache, MariaDB and PHP) stack up and running on your debian / ubuntu linux distribution.
Enable SSL Secure Access for own domain
You are accessing this site via HTTP. We strongly suggest you configure your server using HTTPS instead as described in our security tips.
In this post we will learn, how to enable and configure SSL Secure access for Nextcloud with LetsEncrypt Free SSL Certificates.
Open the terminal and run the following command
sudo a2enmod ssl
LetsEncrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
They give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can.
SSL Secure access for your domain – Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.
Install Certbot apache2 packages
sudo apt-get update sudo apt-get install software-properties-common sudo apt-get install python3-certbot-apache
Open port 80 and 443 by setting a rule of firewall
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Generate Certificates for SSL Secure Access
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --apache
Or, just get a certificate
If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.
sudo certbot certonly --apache
When prompted enter the following Information:
Domain Name: mydomain.com Email address: [email protected]
This will create the following files
SSL Secure access for your domain with Letsencrypt – Certificate Path:
SSL Secure access with Letsencrypt – Private Key Path:
To obtain SSL Secure access with Letsencrypt, update the file
sudo vi /etc/apache2/sites-available/default-ssl.conf
with the following information
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Then activate the virtual host
sudo a2ensite default-ssl
And restart the apache server
sudo service apache2 restart
To see the certificate information:
sudo certbot certificates
SSL Secure access for your domain – Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/ /etc/cron./ systemctl list-timers
Confirm that Certbot worked
To confirm that your site is set up with SSL Secure access properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/