How to configure your website with an SSL (HTTPS) certificate in Ubuntu

Apr 11, 2022 | 6 min read

What does it mean to enable HTTPS on your website?

Having an SSL certificate installed on your server (HTTPS) means that your website uses the Hypertext Transfer Protocol Secure (HTTPS) to provide a secure connection between your web server and your user’s browser. This secure connection ensures that the data transmitted between the browser and the web server is encrypted and protected from tampering. Data sent in either direction, from browser to server or from server to browser, is encrypted.

Functions of SSL

  • SSL/TLS certificates encrypt data transferred between the server and the client, ensuring that the data transmitted between client and server is not tampered with
  • They verify the identity of websites, assuring users that they are communicating with the real website instead of an imposter
  • SSL/TLS ensures that the data received or sent is not tampered with by intermediaries or phishers

Benefits of using an SSL certificate on websites

  • Encrypts data to protect it from being intercepted by third parties.
  • Users feel more secure browsing websites with SSL certificates, which increases customer trust.
  • Search engines, especially Google, favor websites served over HTTPS, making them more SEO friendly.
  • Many regulations and standards require websites to install SSL certificates to protect users’ sensitive data.

Do I need to pay for SSL certificates?

Yes or no. It depends on your choice: you can install a free SSL certificate or choose to pay for one.

If all you need is an SSL certificate so that your website can serve HTTPS, you can install a free one. With a paid service you get additional services such as warranties, insurance for your data protection, technical assistance, a higher level of trust and so on, depending on the third party issuing the certificate.

In this blog we will install a free SSL certificate (Let’s Encrypt) on a Linux machine running the Apache server.

Before starting the installation, the following prerequisites must be met:

  • You have an Ubuntu server set up with a non-root user with sudo administrative privileges and the firewall enabled
  • A fully registered domain name pointed to this server, i.e. the domain’s A record points to this server’s public IP address
  • A web server, i.e. Apache2 or Nginx, installed and configured on your machine; for Apache you can check How to install virtual host to Ubuntu Server

Installing Let’s Encrypt

Step 1: Installing Certbot

We need to set up Certbot to install SSL certificates for any virtual host on the server. To install Certbot, run the following commands:

$ sudo apt update
$ sudo apt install certbot python3-certbot-apache   # for Apache
$ sudo apt install certbot python3-certbot-nginx    # for Nginx

The first command, apt update, is used to update your dependencies. We do this on any Unix machine to ensure that the installed packages are up to date with the latest security updates and patches.

Likewise, the first part of the second command, apt install certbot, installs Certbot, an open-source tool that automates the process of obtaining and renewing SSL/TLS certificates from Let’s Encrypt. The latter part, python3-certbot-apache or python3-certbot-nginx, automates configuring the web server (Apache or Nginx) to install the SSL certificate and use it for the required domain.

Step 2: Allowing the firewall to support SSL certificate

Check the status of the firewall:

$ sudo ufw status
Status: inactive

Note: If your server runs on a cloud service provider such as AWS or Google Cloud, the provider has its own recommended way to open ports, because opening ports can expose the server to additional security vulnerabilities. Find the recommended way to open ports for the cloud of your choice (if any). Open port 443 (HTTPS) in addition to port 80 and any other ports you require.

If your cloud provider has no such recommendation, you can open the port directly on the machine itself using the commands below.

To enable the firewall in Ubuntu, run the command below. If you manage the server over SSH, make sure SSH is allowed through the firewall first, otherwise enabling it can cut off your own access.

$ sudo ufw enable

To allow HTTPS, run this command:

$ sudo ufw allow https

After this step, if you check the status again, you can see:

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
.
.
.
443/tcp                     ALLOW       Anywhere

Step 3: Installing SSL Certificates

Since we have already installed the web server (Apache or Nginx) plugin for Certbot, it takes care of all the web server configuration required to set up HTTPS.

For Apache

$ sudo certbot --apache

For Nginx

$ sudo certbot --nginx

You might receive multiple prompts, for example to accept the terms of service and to enter an email address. The email address is used to send you notifications about Certbot errors or renewals. Additionally, it might ask for your name, location, department, and so on. Except for the email and the terms of service, you can read each prompt and decide whether to provide the details or decline.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.example.com
2: www.example2.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 


Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.example1.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/www.example1.com/privkey.pem
This certificate expires on 2024-08-15.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for www.example.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Your existing certificate has been successfully renewed, and the new certificate has been installed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Since this example has 2 hosts, we can select a single one or several separated by commas (,). You can also select all of the hosts, separated by commas, as 1,2…

Since we provided 1 in the prompt above, it enables SSL for the corresponding domain, i.e. www.example.com. If you want to install a certificate for another domain at a later time, you can rerun the same command, or enter the numbers separated by commas to set up all of them at once, e.g. 1,2, ... and so on.

From the above output we can see that the certificate is now installed and loaded into Apache’s configuration. Now you can go to the browser and reload the page after clearing the cache, and you will see https:// in front of your website’s address.

Step 4: Verifying Auto Renewal

Let’s Encrypt certificates are only valid for ninety days.

The Certbot package you installed handles certificate renewals automatically by including a renewal script in /etc/cron.d, which is managed by a systemd timer called certbot.timer. This timer runs twice a day and automatically renews any certificates that are within thirty days of expiration.

To check the status of this service and ensure it’s active, run the following command:

$ sudo systemctl status certbot.timer


certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Fri 2024-05-17 08:55:45 UTC; 57min ago
    Trigger: Fri 2024-05-17 11:20:15 UTC; 1h 27min left
   Triggers: ● certbot.service


May 17 08:55:45 ip-172-31-0-195 systemd[1]: Started Run certbot twice daily.

You can test the renewal process manually with a dry run:

$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Processing /etc/letsencrypt/renewal/www.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Account registered.
Simulating renewal of an existing certificate for www.example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/www.example.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

If you don't encounter any errors, or you see output like the above, it's all done, and Certbot will renew the certificate automatically. If an error occurs when the renewal command runs, Certbot sends you an email with an error report so that you can fix it manually.
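To confirm that automatic renewal keeps working after setup, the following added example (not part of the original tutorial or of Certbot) classifies a certificate by the days left before its notAfter date, using the 90-day validity and 30-day renewal window described above. The function names, the two-day grace period and the sample notAfter value are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # certbot renews inside this window (from the text above)
GRACE_DAYS = 2          # assumption: slack for the twice-daily timer and retries


def days_remaining(not_after: str, now: datetime) -> int:
    """Whole days from `now` until the certificate's notAfter timestamp."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    return (expires - now).days  # negative once the certificate has expired


def renewal_state(not_after: str, now: datetime) -> str:
    """Classify a certificate as 'ok', 'renewal-overdue' or 'expired'."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    if left < RENEW_WINDOW_DAYS - GRACE_DAYS:
        return "renewal-overdue"  # auto-renewal should already have replaced it
    return "ok"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return notAfter of the certificate the server actually presents."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample: a 90-day certificate expiring on 2024-08-15.
    sample = "Aug 15 08:00:00 2024 GMT"
    for day in ("2024-05-17", "2024-07-25", "2024-08-16"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, days_remaining(sample, now), renewal_state(sample, now))
    # Live check (needs network): renewal_state(fetch_not_after("www.example.com"),
    #                                           datetime.now(timezone.utc))
```

Checking the certificate the server presents, rather than the file under /etc/letsencrypt/live, also catches a web server that is still serving the old certificate after a renewal.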

Conclusion

In this tutorial we covered the importance of SSL certificates and the process of installing them on Linux distributions with either web server (Apache2 or Nginx). By following this article you can configure SSL certificates for your domain on an Ubuntu server.


-Sagar Chapagain

I am a Software Engineer, a Solution Architect, a Mentor, a Trainer, a Technologist, Speaker, from the land of the Himalayas, Enthusiast in Tech, Investment and Economy, with a total years of experience in field of software and application development, Deployment.