Chris Mepham

Chris Mepham

Sharing my digital learnings.

How To Configure Certbot With Apache

1 minute read

This one was a long time coming, but I finally got around to checking out Certbot via LetsEncrypt. This guide will demonstrate how to quickly and easily setup signed SSL certificates for multiple web services that use reverse proxy behind an Apache server, running on Ubuntu 16.04.

The setup

The first step if to create the Apache virtual host entries for both web services. Setting up the virtual hosts is necessary so that CertBot can pick them up later on.

Pre-requisites

Ensure you have enabled the following Apache2 modules:

sudo a2enmod rewrite
sudo a2enmod lbmethod_byrequests
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod proxy
sudo systemctl reload apache2

Webservice 1

<VirtualHost *:*>
    ServerName localhost
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:8000/
    ProxyPassReverse / http://0.0.0.0:8000/

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =localhost [OR]
    RewriteCond %{SERVER_NAME} =webservice1.co.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Webservice 2

<VirtualHost *:*>
    ServerName webservice2.com
    ProxyPreserveHost On
    ProxyPass / http://0.0.0.0:8802/
    ProxyPassReverse / http://0.0.0.0:8802/

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =webservice1.co.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Remember to enable the virtual hosts using the command sudo a2ensite webservice1.com.conf and sudo service apache2 reload.

Install Certbot

Simply run the following commands in the terminal:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Configure a certificate for one of the webservices

Run sudo certbot --apache in the terminal and follow the prompts.

You can now navigate to the webservice using the the https protocol. So simple!

Automatic renewal

Automatic renewly, of the 90 certificates, is active be default but you can test this mechanism using sudo certbot renew --dry-run.

You may also enjoy

Ocp Data Types

2 minute read

OCP - Data types Java supports two data types:

Ocp Packages And Imports

2 minute read

OCP - Packages and imports In Java, packages are used to group classes. This is to prevent naming conflicts and to better organise the code.

Ocp Executing The Jvm

4 minute read

OCP - Executing the JVM When a Java program is “executed” or “ran” what is actually happening is that we are executing the Java Virtual Machine (JVM) and pas...