Create SSL Certificate for your domain/vhost on Debian
May 16, 2022
Setting up your domain in Apache is not a big deal at all. The same goes for the SSL certificate, which can usually be configured in about 5 minutes.
Requirements
- a configured vhost file for Apache;
- the domain already working on port 80;
1. Example vhost file for our port 80
Your Apache vhost file should look something like this and already be working:
<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html/yourproject
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Alias / "/var/www/html/yourproject/"
    <Directory /var/www/html/yourproject>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>
</VirtualHost>
2. Install Certbot
First install certbot if not done yet:
apt-get install certbot -y
3. Register certificate
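Before we can register the certificate, shut down Apache, because certbot's standalone mode starts its own temporary web server and needs port 80 to be free: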
systemctl stop apache2
Now start the process:
certbot certonly --standalone -d yourdomain.com
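On the first run you will be prompted for some additional information, such as your email address. Fill in all the data and accept the TOS.
The certificate covers only the names given with -d. As written, it does not include the www.yourdomain.com alias, so pass a second -d for that name if it should also be served over HTTPS.
Your certificate is now ready to use. Let's Encrypt certificates are valid for 90 days, and because this one was issued in standalone mode, renewing it also needs port 80 to be free.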
4. Start apache again
To keep downtime low, you can start Apache again right away:
systemctl start apache2
Don't forget to enable the ssl module for apache2:
a2enmod ssl
5. Adjust your vhost file
Let's edit your vhost file with nano:
cd /etc/apache2/sites-available/
nano yourdomain.com.conf
Your file should look like this. All traffic on port 80 is redirected to HTTPS on port 443. Don't forget to add SSLEngine on together with the SSLCertificateFile and SSLCertificateKeyFile lines; without SSLEngine on, Apache answers on port 443 in plain HTTP.
<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html/yourproject
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Alias / "/var/www/html/yourproject/"
    <Directory /var/www/html/yourproject>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>
6. Reload apache configuration
If Apache is still offline at this point, a normal start is enough. If Apache is already running again, reload the config now:
systemctl reload apache2
If there are no errors, your domain should now be served over SSL.
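A pre-reload check for the vhost file from step 5, as an added example that is not part of the original post: it reports TLS directives missing from the port 443 vhost and any ServerName/ServerAlias the certificate does not cover. The function names and the sample file are constructed for illustration, and names are compared literally (wildcard certificate names are not expanded).

```bash
# Added example: lint the step 5 vhost file before reloading Apache.
# Function names are hypothetical; the sample config below is constructed.
vhost_names() {  # FILE PORT -> names declared inside <VirtualHost *:PORT>
  awk -v port="$2" '
    /^[ \t]*<VirtualHost /   { inside = ($0 ~ (":" port ">")) }
    /^[ \t]*<\/VirtualHost>/ { inside = 0 }
    inside && tolower($1) ~ /^server(name|alias)$/ {
      for (i = 2; i <= NF; i++) print $i
    }' "$1"
}

uncovered_names() {  # FILE CERTNAME... -> 443 names absent from the certificate
  file=$1; shift
  vhost_names "$file" 443 | while read -r name; do
    case " $* " in *" $name "*) ;; *) echo "$name" ;; esac
  done
}

missing_tls_directives() {  # FILE -> directives the 443 vhost still lacks
  awk '
    /^[ \t]*<VirtualHost .*:443>/ { inside = 1 }
    /^[ \t]*<\/VirtualHost>/      { inside = 0 }
    inside && tolower($1) == "sslengine" && tolower($2) == "on" { seen["SSLEngine on"] = 1 }
    inside && tolower($1) == "sslcertificatefile"    { seen["SSLCertificateFile"] = 1 }
    inside && tolower($1) == "sslcertificatekeyfile" { seen["SSLCertificateKeyFile"] = 1 }
    END {
      n = split("SSLEngine on,SSLCertificateFile,SSLCertificateKeyFile", want, ",")
      for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i]
    }' "$1"
}

# Constructed sample: the step 5 file with SSLEngine left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>
EOF
echo "missing directives: $(missing_tls_directives "$sample")"
echo "not in certificate: $(uncovered_names "$sample" yourdomain.com)"
```

Pass the certificate's names as the arguments after the file; for the certificate issued in step 3 that is just yourdomain.com.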