Apache: Enable HTTPS

The good folks at the Let’s Encrypt project have made supporting encrypted connections ridiculously easy.

First install Certbot, the Let’s Encrypt client:

sudo apt install python-certbot-apache

Let Certbot obtain and install a domain validation certificate for your site(s):

sudo certbot --apache

Let’s Encrypt certificates last for 90 days but can be renewed automatically using the renew command:

sudo certbot renew

We can set up a cron job to run this command automatically. Edit the root user’s crontab using:

sudo crontab -e

Add the following line:

30 0 * * * /usr/bin/certbot renew

This will run the renew command at 00:30 each day. Note that renew only renews certificates that are actually expiring so running the command daily does not place an unnecessary burden on the Let’s Encrypt servers.

Leave a Reply

Your email address will not be published. Required fields are marked *