Tech
Infected

Linux, OpenSource, Programming And Hacks

Dec 28, 2017

Get Free SSL certificate with Let's Encrypt on Ubuntu Apache Server

Dec 28, 2017
Let's Encrypt is an open certificate authority and provides free SSL Certificates. It's popular for it's simplicity to setup. It's been founded by Mozilla, Cisco and many more.


The setup process is very simple, I have explained it in 3 steps:
In the bottom section I have also mentioned the problems I faced and the solutions that worked.


Make Sure that your website is running on Apache server configured through VirtualHosts and specifies ServerName


Step 1: You should specify ServerName by opening up the /etc/apache2/enabled-sites/000-default.conf

and uncomment the line #ServerName = example.com
in place of example.com put your own domain name

In case you want to give certificate to multiple sub-domains like example.com as well as www.example.com,

right below ServerName, give a ServerAlias

ServerAlias = www.example.com


Step 2: login to your Ubuntu Server and install Let's Encrypt.
if you are logged-in as root user then run these commands without sudo


sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache


Step 3: Now, we will use certbot to generate SSL certificate.

for single domain execute this command
sudo certbot --apache -d example.com

for giving certificate for multiple domains or subdomains
sudo certbot --apache -d example.com -d www.example.com

Note: if you have more than one domain pointing to a VirtualHost then
make others ServerAlias like shown in Step 1 before running this command.

After running the command, you will be asked to enter your email, and asked to choose between http and https redirection, Its recommended you choose https for all.

After the installation is finished you can find the generated certificate files at /etc/letsencrypt/live


Now, you can access your website with https

No need to read the rest if it worked for you.



Here are some problems I faced while following the above steps.


running this command:

certbot --apache -d example.com -d www.example.com

showed the following error:

We were unable to find a vhost with a ServerName or Address of www.example.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: 000-default.conf               | example.me       |       | Enabled
2: 000-default-le-ssl.conf        | example.me       | HTTPS | Enabled
------------------------------------------------------------------------------

Solution:

in /etc/apache2/enabled-sites/000-default.conf
added a new line
ServerAlias = www.example.me

Note: I have already shown this in Step 1




Another error after correcting the first one was a Django Project wsgi related:

Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/000-default.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration...


Solution:

followed this link:
https://github.com/certbot/certbot/issues/1820 

and edited the 000-default.conf and commented out the first line

        #WSGIDaemonProcess myproject python-path=/var/www/myenv:/var/www/myenv/lib/python2.7/site-packages
        WSGIProcessGroup myprojectt
        WSGIScriptAlias / /var/www/myenv/src/myproject/wsgi.py


now restarted apache server
and then again ran the same command
this time got no error!

then I uncommented it again and restarted server, this was necessary because I was getting Internal server error.

Note: in the 000-default-le-ssl.conf file which was generated by certbot, that line is still commented out but it doesn't not give any problem so I don't touch it :)


reference: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04



No comments:

Post a Comment