Apache - Webserver with SSL (Debian 9)

In this article, I describe how to set up Apache with SSL and a Let's Encrypt (letsencrypt) certificate on Debian 9. In a further article I'll show you how to achieve this scenario on CentOS 7.

Let's Encrypt is a CA offering free certificates. Unlike e.g. CaCert, the Let's Encrypt root certificates are already preinstalled in the popular web browsers. The certificates are valid for 3 months and then have to be renewed.

Installation on Debian 9

Make sure, that the backports-Repository is in your /etc/apt/sources.list-file:

deb http://ftp.de.debian.org/debian/ stretch-backports main

Let's start installing the Apache webserver and the Let's encrypt Certbot:

# apt-get install apache2
# apt-get install python-certbot-apache -t stretch-backports

Detailed installation instructions for various Linux distributions can be found at certbot.eff.org.

Configuration of the Hostname

The hostname is set in the file /etc/apache2/sites-enabled/000-default:

ServerName myhost.karl-deutsch.at

Restart the webserver after you changed the textfile:

# systemctl restart apache2

Configuration of Let's encrypt

The configuration is done with this command:

# certbot --apache

You have to answer some questions. Then restart the web server and the new certificate will be active:

# systemctl restart apache2

If you want, you can run the ssl-check on www.ssllabs.com. The result could be similiar to this screenshot:

Renewal of the Certificate

Every 3 months you have to renew the certificate. This is done automatically via a cronjob or manually with this command:

# certbot renew
Go to top