Skip to main content

How to Install Let's Encrypt with Apache on Ubuntu 22.04

·1024 words·5 mins
Ubuntu Apache Let's Encrypt Certbot SSL HTTPS Linux Web Server
Table of Contents

How to Install Let’s Encrypt with Apache on Ubuntu 22.04

Securing a website with HTTPS is no longer optional. Modern browsers warn users when websites are served over unencrypted HTTP, and search engines prioritize secure websites in their rankings. Implementing HTTPS not only protects sensitive data exchanged between users and your server but also improves credibility, compliance, and overall security.

Let’s Encrypt is a free, automated Certificate Authority (CA) that issues SSL/TLS certificates at no cost. Combined with Certbot, the official ACME client, obtaining and maintaining trusted certificates on Apache servers becomes a straightforward process.

This guide demonstrates how to install Let’s Encrypt certificates on Ubuntu 22.04 with Apache HTTP Server, configure HTTPS, and enable automatic certificate renewal.

πŸ“‹ Prerequisites
#

Before proceeding, ensure your environment meets the following requirements:

  • Ubuntu 22.04 server
  • Apache HTTP Server installed or ready to install
  • A registered domain name pointing to your server
  • SSH access with either:
    • Root privileges, or
    • A user account with sudo permissions
  • Ports 80 (HTTP) and 443 (HTTPS) accessible through your firewall

Note: Let’s Encrypt validates domain ownership over the public Internet. Ensure your domain’s DNS records correctly resolve to your server before requesting a certificate.

πŸ”„ Step 1: Update the System
#

Always begin by updating the package index and upgrading installed packages.

sudo apt update
sudo apt upgrade -y

Keeping the system current helps ensure compatibility with the latest security patches and Certbot packages.

🌐 Step 2: Install Apache
#

If Apache is not already installed, install it using the default Ubuntu package repository.

sudo apt install apache2 -y

After installation, verify that the service is running.

sudo systemctl status apache2

A healthy installation should report output similar to:

● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service)
Active: active (running)

If Apache is not running, start and enable it.

sudo systemctl enable --now apache2

πŸ” Step 3: Enable the Apache SSL Module
#

Apache requires the SSL module to serve HTTPS traffic.

First, verify whether the module is already enabled.

apachectl -M | grep ssl

If no output is returned, enable the module.

sudo a2enmod ssl

Restart Apache to apply the changes.

sudo systemctl restart apache2

You can verify that the SSL module is active by running:

apachectl -M | grep ssl

Expected output:

ssl_module (shared)

πŸ“¦ Step 4: Install Certbot
#

Install Certbot together with the Apache integration plugin.

sudo apt install certbot python3-certbot-apache -y

Once installation completes, verify the installed version.

certbot --version

Example output:

certbot 1.21.0

The exact version may vary depending on the Ubuntu repositories.

πŸ”‘ Step 5: Obtain and Install an SSL Certificate
#

With Apache and Certbot installed, you can request your first Let’s Encrypt certificate.

Replace example.com with your own domain.

sudo certbot --apache -d example.com

For multiple domains, specify additional -d parameters.

sudo certbot --apache \
    -d example.com \
    -d www.example.com

During the installation process, Certbot will prompt you to:

  • Enter an email address for renewal notifications
  • Accept the Let’s Encrypt Terms of Service
  • Choose whether to redirect HTTP traffic to HTTPS

Selecting automatic HTTP-to-HTTPS redirection is recommended for most production websites.

Interactive Domain Selection
#

If your Apache server hosts multiple virtual hosts, you can simply run:

sudo certbot --apache

Certbot scans your Apache configuration and displays all eligible domains.

Example:

Which names would you like to activate HTTPS for?

1: example.com
2: www.example.com
3: blog.example.com

Select the desired domains, and Certbot will automatically:

  • Validate domain ownership
  • Download the certificate
  • Configure Apache
  • Reload the web server

No manual SSL configuration is typically required.

πŸ”„ Step 6: Configure Automatic Renewal
#

Let’s Encrypt certificates remain valid for 90 days.

Rather than renewing certificates manually, Certbot installs a systemd timer that periodically checks certificate expiration and renews certificates automatically.

You can verify that renewal is functioning correctly by performing a dry run.

sudo certbot renew --dry-run

A successful test confirms that automatic renewal is correctly configured without modifying existing certificates.

To verify the renewal timer, run:

systemctl list-timers | grep certbot

You should see a scheduled Certbot timer responsible for periodic renewal checks.

βœ… Step 7: Verify HTTPS
#

Once installation completes, verify that HTTPS is working correctly.

Open your browser and visit:

https://example.com

A successful configuration should display:

  • A secure padlock icon
  • A valid SSL certificate
  • No browser security warnings

You can also verify the server using the command line.

curl -I https://example.com

Expected response:

HTTP/2 200
server: Apache

To inspect certificate details directly:

echo | openssl s_client -connect example.com:443 \
    -servername example.com 2>/dev/null \
    | openssl x509 -noout -dates -issuer -subject

This command displays:

  • Certificate issuer
  • Subject
  • Validity period
  • Expiration date

πŸ›  Common Troubleshooting
#

Domain Validation Failed
#

Verify that your DNS records point to the correct server.

dig example.com

Port 80 Is Blocked
#

Let’s Encrypt typically performs HTTP validation over port 80.

Check your firewall configuration.

sudo ufw status

Allow HTTP and HTTPS if necessary.

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Apache Configuration Errors
#

Before requesting a certificate, validate the Apache configuration.

sudo apachectl configtest

Expected output:

Syntax OK

Existing Certificate Issues
#

List installed certificates.

sudo certbot certificates

Renew certificates manually if needed.

sudo certbot renew

πŸ”’ Security Best Practices
#

Installing an SSL certificate is only one part of securing an Apache web server.

Consider implementing additional security measures, including:

  • Keep Ubuntu packages updated regularly.
  • Enable automatic security updates.
  • Disable outdated TLS versions when possible.
  • Use strong cipher suites.
  • Enable HTTP Strict Transport Security (HSTS).
  • Regularly verify certificate expiration.
  • Maintain secure backups of server configurations.

Following these practices helps improve the overall security posture of your web infrastructure.

πŸ“š Conclusion
#

Let’s Encrypt and Certbot provide one of the simplest ways to deploy trusted SSL/TLS certificates on Ubuntu servers.

With only a few commands, you can secure Apache with HTTPS, automate certificate renewal, and improve both website security and user confidence.

By combining Apache’s mature web server capabilities with Let’s Encrypt’s automated certificate management, administrators can deploy production-ready HTTPS without purchasing commercial certificates or performing complex manual configuration.

As long as DNS is correctly configured and automatic renewal remains enabled, your Apache server can continue serving encrypted HTTPS traffic with minimal ongoing maintenance.

Related

How to Set Up a Secure Web Server with Nginx and Certbot
·479 words·3 mins
Nginx Certbot Web Server Let's Encrypt SSL HTTPS
How to Install Joomla on Ubuntu 22.04 (Step-by-Step Guide)
·426 words·2 mins
Joomla Ubuntu LAMP Web Server CMS
Ubuntu Core 26 Brings Major Security and Reliability Upgrades
·1153 words·6 mins
Ubuntu Ubuntu Core Canonical Linux IoT Edge Computing Embedded Systems Cybersecurity OTA Updates Enterprise Linux