How to install the https protocol on your Linux Server (Ubuntu 18.04)

In this article I describe how to install (for free) the secure https protocol on your Linux Server using certbot (Ubuntu 18.04 and apache).

The contents of the article

  • Have you installed apache?
  • Install Let’s Encrypt client (certbot)
  • Get a new certificate
  • Verification and renewal of the certificate
  • Secure the server with ufw
  • Conclusions

Have you just purchased a Linux Virtual Private Server and want to secure your website? In this article I describe how to install (for free) the secure https protocol on your Linux Server using certbot and Let’s Encrypt for Ubuntu 18.04 and Apache.

Security is fundamental, and the https protocol has now become indispensable for every website, web app or application published on the internet.

If you use shared hosting you certainly have an administrative panel (e.g. cPanel) that allows you to install the https protocol with a few simple clicks, but what if you have just purchased a Linux VPS?

Relax, don’t panic. In this article I will describe step by step how to install the secure protocol on your Linux Server.

The guide is designed for Ubuntu Server 18.04, but with very few changes you can also adapt it to other Linux distributions (Fedora, RHEL, CentOS, …).

Are you still looking for a VPS and don’t know which one to choose? Then I recommend you read my article on Linode, which offers SSD Cloud Server Linux for only $5/month.

 


Have you installed apache?

Before starting, make sure you have a Linux account (preferably not the root account) with active sudo privileges.

Then check that the Apache web server is up and running. If not, you can install it with these simple commands.

sudo apt update
sudo apt install apache2

Now check that Apache is working with the command

sudo systemctl status apache2

And finally type your server URL into the browser; you should see the Apache welcome page for Ubuntu.


Install Let’s Encrypt client (certbot)

Here we are: Apache is installed, and now we proceed with the installation and configuration of the https protocol.

Add the certbot PPA to the Ubuntu repositories (certbot is the Let’s Encrypt client)

sudo add-apt-repository ppa:certbot/certbot

Press Enter when prompted, then update the repositories and install certbot

sudo apt update
sudo apt install python-certbot-apache

Press Y and enter when prompted to complete the installation.

Get a new certificate

Now you need to request a new certificate for your domain (e.g. www.mydomain.com) with the command:

sudo certbot --apache -d www.mydomain.com

You will be asked to enter an email through which you may be contacted for renewals or requests.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):

Enter your valid email address.

Then you will be asked to accept the terms of service

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

Accept the terms by typing A and then pressing Enter.

Finally you will be asked to share your email

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:

Decline to share your email by pressing N and then Enter.

At this point you will be asked whether to redirect all traffic, including http, to the secure https protocol. It is a good idea to do this redirect, but also choose according to what your website traffic is.

The result of a successful installation should look like the following screenshot

Verification and renewal of the certificate

As soon as you have finished the installation you can run a verification test at the URL

https://www.ssllabs.com/ssltest/

Enter the address of your new site and wait for the result; you should get a screen similar to this

Let’s Encrypt certificates expire after 90 days; certbot automatically renews your certificate for you close to the expiry date. To verify that the renewal procedure is working correctly, carry out a test with the command

sudo certbot renew --dry-run
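
The dry run exercises the renewal path once, but it will not tell you if scheduled renewal later stops working; a check on the days remaining does. The following is an added example, not part of the original article: certbot by default renews once fewer than 30 days remain, so a certificate with fewer than 20 days left suggests renewal is failing. The 20-day threshold, the function names and the sample dates are assumptions made for this example.

```shell
#!/bin/sh
# cert_state NOT_AFTER NOW [MIN_DAYS]
#   NOT_AFTER  expiry as printed by `openssl x509 -noout -enddate`
#   NOW        reference time (any format GNU date accepts, e.g. "now")
#   MIN_DAYS   alert threshold; 20 is an assumption for this example
# Prints "ok N", "renewal-overdue N" or "expired"; status 0 only for "ok".
cert_state() (
  end=${1#notAfter=}
  min=${3:-20}
  end_s=$(date -u -d "$end" +%s) || exit 2     # GNU date, as on Ubuntu
  now_s=$(date -u -d "$2" +%s) || exit 2
  if [ "$end_s" -le "$now_s" ]; then echo "expired"; exit 1; fi
  days=$(( (end_s - now_s) / 86400 ))
  if [ "$days" -lt "$min" ]; then echo "renewal-overdue $days"; exit 1; fi
  echo "ok $days"
)

# Expiry of the certificate a host is actually serving (needs network access).
served_not_after() {
  echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
    openssl x509 -noout -enddate
}

# Constructed dates: 10 days before expiry, so renewal should already have run.
cert_state "notAfter=Jun 30 12:00:00 2025 GMT" "2025-06-20 12:00:00 UTC" || true
# Live use: cert_state "$(served_not_after www.mydomain.com)" now
```

Run from cron or a monitoring agent, a non-zero exit status is the signal to look at the certbot logs.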

Secure the server with ufw

Your web server is now secure thanks to the https protocol, but if you want to secure the operating system as well, I suggest you also enable the Ubuntu firewall (ufw) and open only the routes you really use.

To enable the firewall type the command

sudo ufw enable

Then check the firewall with the command

sudo ufw status

Now enable only the “web routes”, that is, the TCP ports used by Apache, with the command

sudo ufw allow 'Apache Full'

Disable any other unused routes with the command

sudo ufw deny port/protocol

For example, to disable port 53 on both tcp and udp, the commands are these

sudo ufw deny 53/tcp
sudo ufw deny 53/udp

Now your Linux Server is truly secure.
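
To confirm that the firewall really opens only the routes you use, you can compare the output of `ufw status` with the list of rules you expect. This is an added example, not part of the original article; it also reports expected rules that are missing, which matters because ufw blocks incoming connections by default, so a server administered over SSH needs an SSH rule as well. The function names, the `OpenSSH` profile in the expected list and the `3306/tcp` row in the sample are assumptions constructed for the example.

```shell
#!/bin/sh
# Compare `ufw status` output (stdin) with the rules you expect to be open.
# Arguments: the rule names that should be ALLOWed, e.g. "Apache Full".
# Prints one finding per line; exit status 1 if there is any finding.
audit_ufw() (
  IFS=';'
  want="$*"                      # join the expected rule names with ';'
  awk -v want="$want" '
    BEGIN { n = split(want, w, ";"); for (i = 1; i <= n; i++) expected[w[i]] = 1 }
    /^Status:/ { status = $2; next }
    /^--/      { in_table = 1; next }          # header underline: rules follow
    !in_table || NF == 0 { next }
    {
      split($0, col, /  +/)                    # columns are padded with 2+ spaces
      to = col[1]; sub(/ \(v6\)$/, "", to)     # fold the IPv6 twin of each rule
      if (col[2] !~ /^ALLOW/) next             # DENY/REJECT/LIMIT rows are not audited
      have[to] = 1
      if (!(to in expected) && !(to in flagged)) {
        print "unexpected ALLOW: " to; flagged[to] = 1; bad = 1
      }
    }
    END {
      if (status != "active") { print "firewall not active"; bad = 1 }
      for (i = 1; i <= n; i++)
        if (!(w[i] in have)) { print "missing ALLOW: " w[i]; bad = 1 }
      exit (bad ? 1 : 0)
    }'
)

# Constructed sample of `sudo ufw status` output (not captured from a real host).
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
53/tcp                     DENY        Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# On a real server: sudo ufw status | audit_ufw "Apache Full" "OpenSSH"
sample_status | audit_ufw "Apache Full" "OpenSSH" || true
```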

Conclusions

In this article I showed you how to enable the https protocol and the firewall on an Ubuntu 18.04 Linux Server to secure it through system “Good Practices”.

However, there are also some “application” (software) measures related to IT security that should never be underestimated.

Finally, never forget to manage a backup of your systems; security is a fundamental and decisive aspect for the applications of the future.

 

by Abdullah Sam