Apache How-To Linux

LetsEncrypt on Apache & Ubuntu 16.04


Securing Apache with free SSL certificates

This has got to be one of the very first things that I do on a fresh Apache servers is get a certificate installed. Before you get here, you’ll want to make sure that you have an Apache web server running on Ubuntu 16.04 (for the sake of this article anyways), your host names setup correctly and DNS configured properly to your webserver.

Certbot does a name lookup against your DNS to ensure that the domain is pointing to your web server and that you have a properly configured hostname on your server. Otherwise, this will fail.


First, let’s get the repository added. You may need to do a sudo apt-get update prior to copying / pasting these in your terminal.

sudo add-apt-repository ppa:certbot/certbot

Do another sudo apt-get update.

sudo apt-get update

Now get Certbot (LetsEncrypt) installed.

sudo apt-get install python-certbot-apache

Getting a new certificate:

sudo certbot --apache -d

For multiple domains:

sudo certbot --apache -d -d

The certbot package we installed takes care of this for us by running certbot renew twice a day via a systemd timer. On non-systemd distributions this functionality is provided by a cron script placed in /etc/cron.d. The task runs twice daily and will renew any certificate that’s within thirty days of expiration.

To test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run 

There is an update to this!

Certbot currently has a work around for the process below the following command. Run this next command instead after getting certbot installed.

See this link for further information:

certbot --authenticator standalone --installer apache -d <yourdomain> --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
Travis Wade
Travis Wade
Just a normal human being living the dream. I'm an IT professional in the Healthcare space with a love and passion for cloud computing and highly redundant infrastructure.

Leave a Reply

Your email address will not be published. Required fields are marked *