Enable HTTPS for Apache.md

categories	date	lastmod	description	slug	tags	title
Sysadmin How-To Web Hosting	2022-07-04	2022-07-04	This article introduces two methods for getting SSL certificates for Apache, one by HTTP challenge, and the other by DNS validation. These methods also apply to Nginx.	enable-https-for-apache	SSL Apache	Enable HTTPS for Apache

1. Use Certbot (HTTP challenge)

Adjust the command to the corresponding package manager and HTTP server.

apt update
apt install -y certbot python-certbot-apache
# If python-certbot-apache cannot be found, try python3-certbot-apache instead.

certbot --apache -d example.net

This method automatically installs the certificates generated by adjustments to the HTTP server config files.

---

2. Use acme-dns-certbot (DNS validation)

Use this method when ports 80 and 443 aren't available. The ACME server does HTTP challenges over ports 80 and 443, so in this case, HTTP challenges won't work.

apt install -y certbot

Check if python-requests library is installed before proceeding to the next step.

curl -o /etc/letsencrypt/acme-dns-auth.py https://raw.githubusercontent.com/joohoi/acme-dns-certbot-joohoi/master/acme-dns-auth.py
chmod u+x /etc/letsencrypt/acme-dns-auth.py

Add a 3 to the end of the first line of acme-dns-auth.py, making it look like this:

#!/usr/bin/env python3

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d your-domain

Add the CNAME records per the instructions given by Certbot, and the SSL certificates should be good to go.

---

References

Jay's video on using Certbot to get an SSL certificate

Apache SSL configurations from Apache official docs

How to get an SSL certificate using DNS validation with acme-dns-certbot