In this article I describe how to install (for free) the secure https protocol on your Linux Server using certbot (Ubuntu 18.04 and apache).
The contents of the article
- Have you installed apache?
- Install Let’s Encrypt client (certbot)
- Get a new certificate
- Verification and renewal of the certificate
- Secure the server with ufw
- Conclusions
Have you just purchased a Linux Virtual Private Server and want to secure your website? In this article I describe how to install (for free) the secure https protocol on your Linux Server using certbot and Let’s Encrypt for Ubuntu 18.04 and apache.
Security is fundamental, and the https protocol has become indispensable for every website, web app or application published on the internet.
If you use shared hosting you certainly have an administrative panel (e.g. cPanel) that allows you to install the https protocol with a few simple clicks, but what if you have just purchased a Linux VPS?
Relax, don't panic. In this article I will describe step by step how to install the secure protocol on your Linux Server.
The guide is designed for Ubuntu Server 18.04, but with very few changes you can also adapt it to other Linux distributions (Fedora, RHEL, CentOS, …).
Are you still looking for a VPS and don't know which one to choose? Then I recommend you read my article on Linode, which offers SSD Cloud Server Linux for only $5/month.
Have you installed apache?
Before starting, make sure you have a Linux account (preferably not the root account) with active sudo privileges.
Then check that the Apache web server is up and running. If it is not, you can install it with these simple commands.
sudo apt update
sudo apt install apache2
Now check that Apache is working with the command
sudo systemctl status apache2
And finally type your server url into the browser, you should see the Apache welcome page for Ubuntu.
Install Let’s Encrypt client (certbot)
Here we are: Apache is installed, and now we proceed with the installation and configuration of the https protocol.
Add the repository for certbot, the Let's Encrypt client, to Ubuntu
sudo add-apt-repository ppa:certbot/certbot
Press Enter when prompted, then update the package index and install certbot
sudo apt update
sudo apt install python-certbot-apache
Press Y and enter when prompted to complete the installation.
Get a new certificate
Now you need to request a new certificate for your domain (e.g. www.mydomain.com) with the command:
sudo certbot --apache -d www.mydomain.com
You will be asked to enter an email through which you may be contacted for renewals or requests.
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
Enter a valid email address.
Then you will be asked to accept the terms of service
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:
Accept the terms by typing A and pressing Enter.
Finally you will be asked to share your email
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:
Decline to share your email by pressing N and then Enter.
At this point you will be asked whether to redirect all traffic, including http, to the secure https protocol. It is a good idea to do this redirect, but also choose according to what your website traffic is.
The result of a successful installation should look like the following screenshot
Verification and renewal of the certificate
As soon as you have finished the installation you can run a check of the result from the URL
https://www.ssllabs.com/ssltest/
Enter the address of your new site and wait for the result. You should get a screen similar to this
Let's Encrypt certificates expire after 90 days. Certbot carries out an automatic renewal of your certificate for you close to the expiry date. To verify that the renewal procedure is working correctly, carry out a test with the command
sudo certbot renew --dry-run
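A dry run shows that renewal can work, not that it did, so it is worth checking the remaining lifetime of the installed certificate as well. The script below is an added example, not part of the original article: it classifies the notAfter line printed by `openssl x509 -noout -enddate`. The function names, the sample dates and the certificate path in the comment are assumptions; the 30-day window is certbot's default renewal threshold, and GNU date (as shipped with Ubuntu) is required.

```shell
#!/bin/sh
# Added example (not from the article): classify a certificate by time left.
RENEW_WINDOW_DAYS=30   # assumption: certbot's default renewal window

# seconds_left "notAfter=<date>" [now_epoch]  -> seconds until expiry
seconds_left() {
    end_str=${1#notAfter=}                          # strip openssl's prefix
    end=$(date -u -d "$end_str" +%s) || return 2    # GNU date parses the rest
    now=${2:-$(date -u +%s)}
    echo $(( end - now ))
}

# cert_state "notAfter=<date>" [now_epoch]  -> ok | renewal-due | expired
cert_state() {
    secs=$(seconds_left "$@") || { echo "unparseable"; return 2; }
    if [ "$secs" -le 0 ]; then
        echo "expired"
    elif [ "$secs" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        # certbot should already have renewed: look at the renewal timer/cron
        echo "renewal-due"
    else
        echo "ok"
    fi
}

# Constructed sample lines, evaluated against a fixed "now" so the output
# is reproducible (60 days left, then 10 days left).
DEMO_NOW=$(date -u -d "2025-01-01 00:00:00 UTC" +%s)
for line in "notAfter=Mar  2 00:00:00 2025 GMT" \
            "notAfter=Jan 11 00:00:00 2025 GMT"; do
    printf '%s -> %s\n' "$line" "$(cert_state "$line" "$DEMO_NOW")"
done

# Live use (assumed default certbot layout, readable by root only):
#   cert_state "$(sudo openssl x509 -noout -enddate \
#       -in /etc/letsencrypt/live/www.mydomain.com/cert.pem)"
```

A "renewal-due" result on a server where certbot has been installed for more than 60 days means the automatic renewal is not running.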
Secure the server with ufw
Your web server is now secure thanks to the https protocol, but if you want to secure the operating system as well, I suggest you also enable the Ubuntu firewall (ufw) and open only the routes you really use.
To enable the firewall type the command
sudo ufw enable
Then check the firewall with the command
sudo ufw status
Now enable only the "web routes", that is, the TCP ports used by Apache, with the command
sudo ufw allow 'Apache Full'
Disable any other unused routes with the command
sudo ufw deny port/protocol
For example, to disable port 53 in tcp and udp the commands are these
sudo ufw deny 53/tcp
sudo ufw deny 53/udp
Now your Linux Server is truly secure.
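To confirm that only the intended routes are open, the output of `sudo ufw status` can be compared against a list of expected rules. The script below is an added example, not part of the original article: the sample status text is constructed, and the function names and expected list are assumptions. OpenSSH is on the list because a VPS is normally administered over SSH, and that rule has to exist before the firewall is enabled or new SSH sessions are refused.

```shell
#!/bin/sh
# Added example (not from the article): audit the output of `ufw status`.
# Assumption: only these rule names are meant to be reachable.
EXPECTED='Apache Full,OpenSSH'

# Constructed sample of `sudo ufw status` output; 3306/tcp is a leftover rule.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
53/tcp                     DENY        Anywhere
53/udp                     DENY        Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)'

# Succeeds only when the first line reports an active firewall.
ufw_active() {
    case $1 in
        "Status: active"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each ALLOW target (IPv4 and IPv6 collapsed) that is not in EXPECTED.
# Columns in the status table are separated by two or more spaces.
unexpected_allows() {
    printf '%s\n' "$1" | awk -F'  +' -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $2 ~ /^ALLOW/ {
            name = $1
            sub(/ \(v6\)$/, "", name)
            if (!(name in ok) && !seen[name]++) print name
        }'
}

# Live use: unexpected_allows "$(sudo ufw status)"
ufw_active "$SAMPLE_STATUS" && unexpected_allows "$SAMPLE_STATUS"
```

Any name it prints is a rule to review and, if unused, remove or deny as shown above.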
Conclusions
In this article I showed you how to enable the https protocol and the firewall on an Ubuntu 18.04 Linux Server to secure it by following system "good practices".
However, there are also some "application" (software) measures related to IT security that should never be underestimated.
Finally, never forget to manage a backup of your systems. Security is a fundamental and decisive aspect for the applications of the future.