To apply HTTPS to an Apache web server, it is necessary to install an SSL certificate and change the Apache settings. HTTPS is a protocol that enhances security between clients and servers by encrypting data. This process covers how to obtain an SSL certificate and apply it to the server.
The following are the general steps to set up HTTPS:
1. Prepare SSL Certificate
An SSL certificate is required to set up HTTPS. There are several methods to obtain a certificate, including the following:
- Let’s Encrypt: Provides free SSL certificates.
- Commercial SSL Certificate: Purchase paid certificates from providers such as Comodo, DigiCert, GlobalSign, etc.
This guide obtains the SSL certificate with the free option, Let’s Encrypt.
2. Install Certbot (When using Let’s Encrypt SSL)
To obtain an SSL certificate from Let’s Encrypt, install Certbot. Certbot is a tool that automates the issuance and renewal of certificates.
Installing Certbot on Ubuntu/Debian:
    sudo apt update
    sudo apt install certbot python3-certbot-apache
Installing Certbot on CentOS/RHEL:
    sudo yum install epel-release
    sudo yum install certbot python3-certbot-apache
3. Set Up HTTPS on Apache (Using Certbot)
Using Certbot, you can automatically obtain an SSL certificate and modify the Apache settings.
Automate SSL Certificate Issuance and Apache Configuration with Certbot:
    sudo certbot --apache
When you run the above command, Certbot will automatically obtain the certificate and modify the Apache configuration file to enable HTTPS. During the process, you will be prompted to enter your domain name and decide whether to apply SSL.
4. Manual Apache Configuration (When Manually Installing SSL Certificate)
To manually install the SSL certificate, you need to modify the Apache configuration file.
1) Activate SSL Module:
On systems based on Ubuntu or Debian, you need to activate the mod_ssl module.
    sudo a2enmod ssl
On CentOS, you can install the mod_ssl package to activate the SSL module.
    sudo yum install mod_ssl
2) Modify Virtual Host File:
Modify the Apache virtual host configuration file to apply HTTPS. Typically, you modify the configuration file located in the /etc/apache2/sites-available/ directory.
Example:
    sudo nano /etc/apache2/sites-available/your-domain.conf
In the your-domain.conf file, add the following HTTPS configuration:
    <VirtualHost *:443>
        ServerName your-domain.com
        DocumentRoot /var/www/html

        SSLEngine on
        # fullchain.pem already contains the server certificate followed by
        # the intermediate chain, so no separate SSLCertificateChainFile is
        # needed (that directive is deprecated since Apache 2.4.8).
        SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem

        <Directory /var/www/html>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
Reference the file paths for the certificates provided by Let’s Encrypt. For commercial certificates, the paths must be changed to those of the issued certificates.
3) Verify Port 443 Settings:
Since SSL communication uses port 443, you need to ensure that Apache is listening on this port.
Check the /etc/apache2/ports.conf file for the following entry:
    Listen 443
On CentOS, similar settings can be applied by modifying the /etc/httpd/conf.d/ssl.conf file.
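A hardened variant of the virtual host from step 2), as an added example that is not part of the original guide. It assumes Apache 2.4.8 or later with mod_ssl and mod_headers enabled; the port 80 redirect, the protocol restriction, the HSTS max-age value and the removal of directory indexes are additions, not settings from the page.

```apache
# Added example (not from the original guide).
# Assumption: mod_ssl and mod_headers are enabled
# (Debian/Ubuntu: sudo a2enmod ssl headers).

# Plain-HTTP virtual host: serves no content, it only sends every
# request to the HTTPS site so visitors cannot stay on http://.
<VirtualHost *:80>
    ServerName your-domain.com
    Redirect permanent / https://your-domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName your-domain.com
    DocumentRoot /var/www/html

    SSLEngine on
    # fullchain.pem = server certificate + intermediate certificates.
    SSLCertificateFile    /etc/letsencrypt/live/your-domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem

    # Refuse SSLv3, TLS 1.0 and TLS 1.1. What remains is TLS 1.2 and,
    # where the Apache/OpenSSL build supports it, TLS 1.3.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # HSTS: tells browsers to use HTTPS only for this host.
    # Assumed starting value of one day; raise it once HTTPS is
    # confirmed to work for every page on the domain.
    Header always set Strict-Transport-Security "max-age=86400"

    <Directory /var/www/html>
        # -Indexes: do not list directory contents when no index file exists.
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

Run `sudo apachectl configtest` before restarting so a typo in the file is reported instead of taking the site down.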
5. Restart Apache
Once the configuration is complete, restart Apache to apply the changes.
Ubuntu/Debian:
    sudo systemctl restart apache2
CentOS/RHEL:
    sudo systemctl restart httpd
6. Automatic SSL Certificate Renewal (When Using Let’s Encrypt)
Let’s Encrypt certificates are valid for 90 days, so it is necessary to configure automatic renewal. Certbot provides an automatic renewal script that can be registered in Crontab.
Open Crontab:
    sudo crontab -e
Add the following line to attempt a Certbot renewal every day at 3:00 a.m.:
    0 3 * * * certbot renew --quiet
Conclusion
This process allows you to apply HTTPS to Apache. Using Let’s Encrypt, you can obtain an SSL certificate for free and handle automatic configuration and renewal easily through Certbot.