Installing SSL Apache & Nginx webserver with Certbot

NATVPS.ID – When managing a web server, security and efficiency are two aspects that cannot be ignored. One way to increase security is to use SSL/TLSwhich allows encrypted communication between the server and visitors.

In this tutorial, we will discuss how to configure virtualhost in apache2 and secure the website using SSL Free from Let’s Encrypt with Certbot. With clear and easy to follow steps, you can ensure that your website runs safely using HTTPS.

Condition

• NAT VPS with Ubuntu/Debian OS
• Domain has been registered and there is a note for NAT VPS
• Web server (Apache2 and Nginx)
• Certbot

After ensuring that the minimum requirements have been met, let’s continue to the installation and configuration. Let’s start!

Installation and configuration of let’s encrypt with Certbot for Apache2

Update the package

Before the Apache installation, be sure to update the repository and packages in the system.

apt update

Install Apache

When buying NAT VPSusually Apache web server already installed by default. To be sure, we can use typing comand as follows Apache2 status system.

#Install Apache
apt install apache2

#Melihat Service Apache
systemctl status apache2

Install text editor

To make it easier for us when editing files later, we need to use Editor text. In this tutorial we will use Nano.

apt install nano

Install Certbot

Before getting a SSL certificate from Let’s encryptionWe need to install Certbot on the server. For that, we will use Ubuntu’s default repository. There are two main packages needed:

1. Certbot – The main tool for managing SSL certificates
2. Python3-Certbot-apache – plugins that allow the integration of Certbot with Apacheso that the process of issuing certificates and configurations Https can be done automatically with only one command.

apt install certbot python3-certbot-apache -y

Add domain forwarding

As usual, for NAT VPS, domain forwarding settings need to be done in order Web server can be accessed with domain. Set the domain forwarding for port 80 and 443 so it looks like in the following picture:

Make a configuration of virtualhost apache

To be able to access Web Server We use a domain that has been added to the prosecution domain, we need to use Virtualhost So that each site can be accessed with the right configuration. Following are the steps to create and activate Virtualhost From Apache.

nano /etc/apache2/sites-available/abdulhalim.my.id.conf

Adjust the configuration file name Virtualhost according to the name of the file you want. Here we use the domain name as the configuration name Virtualhost.

Then, copy the configuration below in the file Virtualhost and adjust to the servername, serveralias, and documentroot configuration accordingly belong to friends.

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName abdulhalim.my.id
    ServerAlias www.abdulhalim.my.id

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.abdulhalim.my.id [OR]
RewriteCond %{SERVER_NAME} =abdulhalim.my.id
RewriteRule ^  [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName abdulhalim.my.id
    ServerAlias www.abdulhalim.my.id

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/abdulhalim.my.id/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abdulhalim.my.id/privkey.pem
</VirtualHost>

Next save the configuration by pressing Ctrl+X, Y, then enter. Then to activate the configuration, run the following command:

a2ensite abdulhalim.my.id.conf
systemctl reload apache2

Get SSL using Certbot

Certbot offers several methods to get SSL certificates through various plugins. The Apache plugin automatically handles the configuration and re -loads Apache settings when needed. To use it, run the following command:

certbot --apache

After carrying out the order, Certbot will ask a few questions to help configure the SSL certificate. FirstYou will be asked to enter a valid email address, which will be used to send notifications related to updates and security.

Furthermore, Certbot will ask for confirmation about the domain that HTTPS wants to activate. The domains are automatically detected from the configuration Virtualhost Apachevery important to be sure Servername And Serveralias already arranged correctly. If you want to activate HTTPS for all domains (recommended), just press Enter. If only for certain domains, enter the desired domain number, separate it with a comma or space, then press Enter.

If so, then enter the domain of friends in the preferred browser to ensure that SSL is active.

Installation and configuration of let’s encrypt with Certbot for Nginx

To get SSL on the Nginx web server, the steps that will be taken are almost the same. The difference is only in the Certbot plugin used, namely Python3-Certbot-Nginx -Y. For more details, see the tutorial below.

Install Nginx and VirtualHost Configuration

Before installing the Nginx Web Server, Be sure to update the repository and packages in the system.

#Update Repository
apt update

#Install Nginx
apt install nginx

#Cek Service Nginx
systemctl status nginx

After the Nginx Web Server is installed, then we edit the configuration file Virtualhost default from nginx, by adding server_name according to our domain and adjust root to the location of our website.

To edit the file, enter the command below and find the line according to the image.

#Perintah edit File
nano /etc/nginx/sites-available/default

#Konfigurasi VirtualHost
server {

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name abdulhalim.my.id www.abdulhalim.my.id;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

Next, save the configuration by pressing CTRL+X, then Y, and Enter. Then restart the nginx service.

systemctl reload nginx

Add domain forwarding

As usual, for NAT VPS, domain forwarding settings need to be done in order Web server can be accessed with domain. Set the domain forwarding for port 80 and 443 so it looks like in the following picture:

Install Certbot

There are two main packages needed:

1. Certbot – The main tool for managing SSL certificates
2. Python3-Certbot-Nginx – plugins that allow the integration of Certbot with Nginxso that the process of issuing certificates and configurations Https can be done automatically with only one command.

apt install certbot python3-certbot-nginx -y

Get SSL using Certbot

Certbot offers several methods to get SSL certificates through various plugins. Nginx plugins automatically handle re -configuration and re -load nginx settings when needed. To use it, run the following command:

 certbot --nginx

After carrying out the order, Certbot will ask a few questions to help configure the SSL certificate. FirstYou will be asked to enter a valid email address, which will be used to send notifications related to updates and security.

Furthermore, Certbot will ask for confirmation about the domain that HTTPS wants to activate. The domains are automatically detected from the configuration Virtualhost Nginxvery important to be sure name_server already arranged correctly. If you want to activate HTTPS for all domains (recommended), just press Enter. If only for certain domains, enter the desired domain number, separate it with a comma or space, then press Enter.

If so, then enter the domain of friends in the preferred browser to ensure that SSL is active.

Cover

Thank you for following this tutorial! Hopefully useful, and don’t forget to Always maintain your server security.