How to Install Apache and Secure it with Let's Encrypt Certificate

Setting up a web server with Apache and securing it with HTTPS using Let's Encrypt is essential for any website or web application you plan to host online. This comprehensive guide will walk you through how to install Apache, obtain a free SSL certificate from Let's Encrypt, and configure everything on both Ubuntu and CentOS servers.

Introduction

Apache is the most popular open source web server software that powers around 37% of all active websites on the Internet. It is free, stable, and has a huge community behind it.

Some key advantages of using Apache:

  • Open source and free
  • Secure, fast and reliable
  • Supports a wide range of modules and customization
  • Runs on both Linux and Windows
  • Great documentation and community support

We will be using Apache 2.4, the latest stable version with improvements in security, performance and other features.

In this tutorial, you will learn:

  • How to install Apache on Ubuntu 20.04 and CentOS 8
  • Obtaining a free SSL certificate from Let's Encrypt
  • Setting up HTTPS on your Apache server
  • Configuring virtual hosts for your websites

Prerequisites

Before you begin, you will need:

  • A registered domain name pointed to your server IP – for example example.com
  • A server running Ubuntu 20.04 or CentOS 8 with a static public IP address
  • Root access to the server or a user account with sudo privileges

The examples will use example.com as the domain name. Be sure to replace it with your own domain.

Step 1 – Install Apache on Ubuntu 20.04

Apache is available in Ubuntu's default repositories, making it easy to install.

First, update the package index:

sudo apt update

Next, install Apache with:

sudo apt install apache2

The Apache service will start automatically. To verify it is running:

sudo systemctl status apache2

You should see an active (running) status.

Allow traffic on ports 80 and 443 through the UFW firewall. The 'Apache Full' profile opens both ports; the plain 'Apache' profile opens only port 80:

sudo ufw allow 'Apache Full'

Apache is now installed and running on your Ubuntu server.

Step 1 – Install Apache on CentOS 8

On CentOS, Apache is provided by the httpd package.

Begin by updating the system packages:

sudo yum update 

Then install httpd:

sudo yum install httpd

Start the httpd service and enable it to start at boot:

sudo systemctl start httpd
sudo systemctl enable httpd

Open the firewall for HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Check the status to verify Apache is running:

sudo systemctl status httpd

This will install a basic Apache server on CentOS 8.

Step 2 – Adjust the Firewall (Optional)

If you want to open Apache only to certain IP addresses, you can restrict access.

For example, to allow only your local computer's IP to connect, find your IP on that computer (if it sits behind NAT, use the public address the server sees instead):

hostname -I

On the server, allow this IP through the firewall:

Ubuntu

sudo ufw allow from your_ip to any port 80,443 proto tcp 

CentOS

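sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="your_ip" port port="80" protocol="tcp" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="your_ip" port port="443" protocol="tcp" accept'
sudo firewall-cmd --reload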

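These rules only tighten access once the general allow rules from Step 1 (the UFW Apache profile, or the firewalld http and https services) have been removed; otherwise the ports stay open to everyone. Keep in mind that Certbot in Step 5 needs the Let's Encrypt servers to reach port 80 on your server, so restricting port 80 to your own IP will cause certificate issuance and renewal to fail.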

Step 3 – Check your Web Server

At this point Apache is up and running on your server. To confirm it's working properly, visit your server's domain or IP address in a web browser:

http://your_server_ip

You should see the default Apache test page.

This verifies your web server is operational.

Step 4 – Install Certbot

Let's Encrypt provides free SSL certificates using an automated tool called Certbot. We will use Certbot to generate and configure our HTTPS certificates.

Ubuntu 20.04

On Ubuntu, Certbot is available in the default repositories:

sudo apt install certbot python3-certbot-apache

CentOS 8

On CentOS, enable the EPEL repository which contains Certbot:

sudo yum install epel-release

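Then install Certbot along with its Apache plugin and mod_ssl, which the --apache option used in Step 5 requires:

sudo yum install certbot python3-certbot-apache mod_ssl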

Certbot is now ready to use on both systems.

Step 5 – Obtain an SSL Certificate

To obtain an SSL certificate for your domain, run:

sudo certbot --apache -d example.com

Replace example.com with your actual domain name.

Certbot will prompt you to enter an email address and agree to the terms of service. It will then communicate with the Let's Encrypt server to obtain a valid certificate for your domain.

If successful, Certbot will ask if you'd like to redirect all traffic to HTTPS. Select this option to force HTTPS:

Redirecting all traffic on port 80 to ssl in /etc/apache2/sites-enabled/000-default.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select option 2 to redirect all HTTP traffic to HTTPS. Certbot will update your Apache configuration automatically.

Your certificate is now issued and installed. Your server should be serving HTTPS traffic on port 443.

Step 6 – Verify Certification

To verify HTTPS is working, visit your domain in a browser:

https://example.com

You should see the lock icon and secure HTTPS connection.

Click the lock and you can inspect the certificate details including the issuer "Let's Encrypt Authority X3".

Use openssl to examine the certificate files on your server:

sudo openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout

This prints the certificate's subject, issuer and validity dates, confirming that your valid SSL certificate was issued by Let's Encrypt. Your Apache server is now serving HTTPS traffic securely.
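
The openssl check above can be turned into a repeatable test. The script below is an added example, not part of the original guide: it verifies that a certificate file covers the expected hostname and is not close to expiry. The function names check_cert and make_sample_cert are chosen here, and the sample certificate is a constructed self-signed one for offline testing.

```bash
# Added example (not from the original guide): sanity-check a certificate file
# such as /etc/letsencrypt/live/example.com/cert.pem.
# check_cert and make_sample_cert are names chosen for this example.

# check_cert CERT_PEM HOSTNAME [MIN_DAYS]
# Prints one line per check. Returns 0 if all pass, 1 if any fail, 2 if unreadable.
check_cert() {
  cc_cert=$1; cc_host=$2; cc_days=${3:-30}; cc_rc=0

  if [ ! -r "$cc_cert" ]; then
    echo "FAIL cannot read $cc_cert"
    return 2
  fi

  # 1. The certificate must cover the hostname (SAN entries, or the CN if none).
  if openssl x509 -in "$cc_cert" -noout -checkhost "$cc_host" | grep -q 'does match'; then
    echo "OK   certificate covers $cc_host"
  else
    echo "FAIL certificate does not cover $cc_host"
    cc_rc=1
  fi

  # 2. It must remain valid for at least MIN_DAYS more days (-checkend takes seconds).
  if openssl x509 -in "$cc_cert" -noout -checkend $((cc_days * 86400)) >/dev/null; then
    echo "OK   valid for more than $cc_days days"
  else
    echo "FAIL expires within $cc_days days: $(openssl x509 -in "$cc_cert" -noout -enddate)"
    cc_rc=1
  fi

  # 3. Print the issuer so the operator can confirm who signed it.
  echo "INFO $(openssl x509 -in "$cc_cert" -noout -issuer)"
  return "$cc_rc"
}

# Constructed sample input: a throwaway self-signed certificate for offline testing.
# make_sample_cert OUT_DIR DAYS
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:www.example.com" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

On the server, call check_cert /etc/letsencrypt/live/example.com/cert.pem example.com as root, since the /etc/letsencrypt/live directory is readable only by root.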

By default, Apache only serves traffic from the root directory /var/www/html. Instead of putting all your website files here, it's best to configure virtual hosts to serve from specific directories.

First, create a directory for your site, for example:

sudo mkdir /var/www/example.com

Create an index.html file in it:

sudo vi /var/www/example.com/index.html

Add some basic HTML:

<html>
  <head>
    <title>Welcome to Example.com!</title>
  </head>
  <body>

  </body>
</html>

Ubuntu Configuration

Create the virtual host file:

sudo vi /etc/apache2/sites-available/example.com.conf

Add the following configuration, updating the ServerName and document roots:

<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/example.com
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Enable the new virtual host:

sudo a2ensite example.com

CentOS Configuration

Create the virtual host file:

sudo vi /etc/httpd/conf.d/example.com.conf

Add the same configuration:

<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  DocumentRoot /var/www/example.com
  # Keep logs outside the DocumentRoot so they cannot be downloaded over HTTP
  ErrorLog /var/log/httpd/example.com-error.log
  CustomLog /var/log/httpd/example.com-requests.log combined
</VirtualHost>

No need to explicitly enable it, just restart Apache.

Finally, restart Apache to load the new configuration. On Ubuntu:

sudo systemctl restart apache2

On CentOS:

sudo systemctl restart httpd

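Now when you visit your domain, you should see the custom index page.

The virtual host above listens only on port 80. To serve it over HTTPS, run the certbot command from Step 5 again so that Certbot can add the matching port 443 configuration.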

You can repeat this process to configure any number of virtual hosts on your server.

Conclusion

That covers the complete process of installing Apache, obtaining an SSL certificate from Let's Encrypt, and configuring virtual hosts on both Ubuntu 20.04 and CentOS 8.

Your web server is now securely serving HTTPS traffic for your domains. The virtual host structure allows you to easily add new websites and applications.

Some next steps and other ideas to explore:

  • Configure your domains to point to your server IP address using DNS records
  • Port forward port 80/443 through your firewall if hosting externally
  • Optimize Apache performance by installing caching modules like mod_cache
  • Monitor traffic and access logs using tools like GoAccess or AWStats
  • Harden security by restricting unused modules, enabling HTTP Strict Transport Security, and more

Apache is very flexible and can be customized to your specific needs. The official documentation provides a wealth of information to help configure your server and learn more advanced configurations.

Written by Alexis Kestler
