Introduction
SSL certificates are used within server and client to encrypt the traffic. This gives extra security for users accessing the application. Let’s Encrypt is one of free certificates that easily installed on your web servers.
Here’s how to install multiple domains on single apache web server.
Step 1 – Configure vhost file.
We need to prepare apache vhost configuration for SSL.
Create new vhost file with different name.
For example, save to /etc/apache2/site-available/test.com-ssl.conf
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@test.com DocumentRoot /websites/com_test_www/www ServerName test.com ErrorLog ${APACHE_LOG_DIR}/error-test.log CustomLog ${APACHE_LOG_DIR}/access-test.log combined Include /etc/letsencrypt/options-ssl-apache.conf ServerAlias test.com ServerAlias www.test.com SSLCertificateFile /etc/letsencrypt/live/test.com-0001/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/test.com-0001/privkey.pem </VirtualHost> </IfModule>
Step 2 – Install Let’s Encrypt
sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
Step 3 – Configure the Certificates
sudo certbot --apache -d test.com -d www.test.com
Here’s how to verify after installed new certificate.
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
To generate multiple certificates
sudo certbot --apache -d test2.com -d www.test2.com
Step 4 – Auto renewal using crontab
The new certificate will last 3 month but it’s good to renew automatically using cron job.
sudo crontab -e
30 1 * * * /usr/bin/certbot renew --quiet
Step 5 – Redirect http to https
Check if your websites opens fine with https:// , let’s make redirect http:// to https:// using vhost.
Open vhost file used for http.
For example, vi /etc/apache2/site-available/test.com.conf
And put below line:
Redirect permanent / https://test.com
Below is example:
<VirtualHost *:80> ServerAdmin webmaster@test.com DocumentRoot /websites/com_test_www/www ServerName test.com Redirect permanent / https://test.com ErrorLog ${APACHE_LOG_DIR}/error-test.log CustomLog ${APACHE_LOG_DIR}/access-test.log combined </VirtualHost>
Test if your websites redirect http:// to https://
You may need to delete cookies on your browser for testing correctly.
Conclusion
It’s good to check the official Let’s Encrypt blog time to time for important updates.