SSL

When accessing a website through HTTP, the content exchanged between the user and the server is not encrypted. This means that the content can be read by anyone intercepting it. An encrypted link between the server and the client can be established using SSL.

When using SSL, the server must posess certificates to prove it can be trusted. Certificates are usualy delivered by official authorities, but recently, a service called Let's Encrypt offers certificates to anyone. The obtention of certificate is automated using a software called certbot. The installation and usage of certbot on Ubuntu for Apache2 is explained here.

For Ubuntu, certbot is available as package:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

It is advised to run certbot with the certonly option to avoid messing up the original apache configuration:

certbot --apache certonly

The advantage of the certbot packages is that automatic renewal is enabled by default.

After certbot has been run, the apache ssl module must be enabled:

a2enmod ssl

Also, a site configuration file must be enabled to handle requests at the URL of the certifcates.

Finally, Apache can be restarted and the website should be available through HTTPS

service apache2 restart
×