-------------------------------------------------------------------------------
DEBIAN - APACHE2 - INSTALL SSL-CERTIFICATE WITH CERTBOT
-------------------------------------------------------------------------------

Prerequisites:
+ A running instance of Debian 12+, tested under 13 (Trixie)
+ Apache2.x WebServer installed and running  // apt install -y apache2 php
+ Domain name pointing to your server's public IP address

-------------------------------------------------------------------------------
Step 1: Install Certbot
-------------------------------------------------------------------------------

Certbot is an easy-to-use automated client that fetches and deploys SSL/TLS
certificates for your web server. To install Certbot and its Apache plugin,
use the following commands:

# Update the package list
$ sudo apt update -y

# Install Certbot's Apache package
$ sudo apt install python3-certbot-apache -y

-------------------------------------------------------------------------------
Step 2: Obtain an SSL Certificate
-------------------------------------------------------------------------------

With Certbot installed, you can now obtain an SSL certificate for your domain:

# Obtain an SSL certificate and configure Apache to use it
$ sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Follow the on-screen prompts to complete the process. Certbot will modify your
Apache configuration files to use the new SSL certificate.

-------------------------------------------------------------------------------
Step 3: Verify Auto-Renewal
-------------------------------------------------------------------------------

Let's Encrypt certificates are valid for 90 days, but Certbot can automatically
renew them. Verify that the auto-renewal process is set up correctly:

# Test the renewal process
$ sudo certbot renew --dry-run

If the dry run is successful, Certbot will automatically renew your
certificates before they expire.
-------------------------------------------------------------------------------
Step 4: Enhance Security Settings
-------------------------------------------------------------------------------

Beyond installing the SSL certificate, it's advisable to adjust your Apache
configuration to use strong encryption protocols and ciphers. Edit your
domain's SSL configuration file, often found in
/etc/apache2/sites-available/yourdomain.com-le-ssl.conf, to include the
following settings:

...
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
...

-------------------------------------------------------------------------------
After making changes, restart Apache to apply the new security settings:
-------------------------------------------------------------------------------

# Restart Apache
$ sudo systemctl restart apache2

-------------------------------------------------------------------------------
Conclusion
-------------------------------------------------------------------------------

Securing Apache with an SSL certificate from Let's Encrypt is a straightforward
process that significantly improves the security posture of your web services.
By following the steps outlined above, you can ensure that your Apache server
on Debian 12 is using a trusted certificate, making communication with your
users secure. For organizations looking to maintain high security standards
without the overhead of handling it in-house, the option to hire remote DevOps
engineers can provide the expertise needed to manage and secure web server
environments efficiently.
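
For the Step 4 settings: mod_ssl evaluates SSLProtocol left to right, so `all -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled at the Apache level. The script below is an added example, not part of the original guide; it audits SSLProtocol lines for legacy protocols, and its function names and the assumed expansion of `all` (which depends on the OpenSSL build) are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): evaluate an SSLProtocol value
# left to right, as mod_ssl does: bare name sets, +name adds, -name removes.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"  # assumed expansion of "all"
LEGACY_PROTOCOLS="SSLv3 TLSv1 TLSv1.1"

# Print the protocols an SSLProtocol argument string leaves enabled.
enabled_protocols() {
    local enabled="" tok name p out
    for tok in $1; do
        name="${tok#[+-]}"
        if [ "$name" = "all" ]; then name="$ALL_PROTOCOLS"; fi
        case "$tok" in
            -*) out=""
                for p in $enabled; do
                    case " $name " in *" $p "*) ;; *) out="$out $p" ;; esac
                done
                enabled="$out" ;;
            +*) enabled="$enabled $name" ;;
            *)  enabled="$name" ;;        # bare name replaces the current set
        esac
    done
    out=""                                # canonical order, unknown names dropped
    for p in $ALL_PROTOCOLS; do
        case " $enabled " in *" $p "*) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# Read a config on stdin; flag SSLProtocol lines that keep legacy protocols on.
# Returns 1 if any directive is weak.
audit_conf() {
    local rc=0 line value p legacy
    while IFS= read -r line; do
        value="$(printf '%s\n' "$line" | sed -n 's/^[[:space:]]*SSLProtocol[[:space:]][[:space:]]*//p')"
        [ -n "$value" ] || continue
        legacy=""
        for p in $(enabled_protocols "$value"); do
            case " $LEGACY_PROTOCOLS " in *" $p "*) legacy="${legacy:+$legacy }$p" ;; esac
        done
        if [ -n "$legacy" ]; then echo "WEAK: SSLProtocol $value (allows: $legacy)"; rc=1
        else echo "OK: SSLProtocol $value"; fi
    done
    return "$rc"
}

# Constructed sample input: the page's setting, then a TLS 1.2+ only setting.
printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' | audit_conf || true
printf '%s\n' 'SSLProtocol -all +TLSv1.2 +TLSv1.3' | audit_conf || true
```

To check a real vhost, run `audit_conf < /etc/apache2/sites-available/yourdomain.com-le-ssl.conf`; a non-zero exit status means at least one SSLProtocol line still permits SSLv3, TLS 1.0 or TLS 1.1.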