Enable HTTPS for Apache

This article introduces two methods for getting SSL certificates for Apache, one by HTTP challenge, and the other by DNS validation. These methods also apply to Nginx.

1. Use Certbot (HTTP challenge)

Adjust the commands for your package manager and HTTP server.

apt update
apt install -y certbot python-certbot-apache
# If python-certbot-apache cannot be found, try python3-certbot-apache instead.

certbot --apache -d example.net

This method automatically installs the generated certificates by adjusting the HTTP server's config files.


2. Use acme-dns-certbot (DNS validation)

Use this method when ports 80 and 443 aren’t available. The ACME server does HTTP challenges over ports 80 and 443, so in this case, HTTP challenges won’t work.

apt install -y certbot

Check that the python-requests library is installed before proceeding to the next step.

curl -o /etc/letsencrypt/acme-dns-auth.py https://raw.githubusercontent.com/joohoi/acme-dns-certbot-joohoi/master/acme-dns-auth.py
chmod u+x /etc/letsencrypt/acme-dns-auth.py

Add a 3 to the end of the first line of acme-dns-auth.py, making it look like this:

#!/usr/bin/env python3

Then request the certificate, with the script set as Certbot's manual auth hook:

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d your-domain

Add the CNAME records per the instructions given by Certbot, and the SSL certificates should be good to go.
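The download, chmod and shebang steps above can be combined with an integrity check, because the hook runs with Certbot's privileges and the URL tracks the master branch. The following is an added example, not code from the original post or from the acme-dns-certbot project; the function name install_hook is hypothetical, and the expected SHA-256 is a value you record yourself after reviewing the downloaded script. It also sets mode 700, which is stricter than the chmod u+x used above.

```shell
#!/bin/sh
# Added example: verify, patch and install a Certbot auth hook that was
# already downloaded to a local file (for instance with curl -o).
#
# install_hook SRC EXPECTED_SHA256 DEST
#   SRC              downloaded copy of acme-dns-auth.py
#   EXPECTED_SHA256  digest you recorded when you reviewed the script (assumption)
#   DEST             final path, e.g. /etc/letsencrypt/acme-dns-auth.py
install_hook() {
    src=$1 expected=$2 dest=$3

    # Refuse anything that is not byte-for-byte the script that was reviewed.
    actual=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $src: got $actual" >&2
        return 1
    fi

    # Build the result next to DEST so a half-written file never sits at DEST.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # The "add a 3" step: rewrite line 1 only when it is exactly the python shebang.
    if ! sed '1s|^#!/usr/bin/env python$|#!/usr/bin/env python3|' "$src" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Stop if the first line is not the interpreter line the article expects.
    if [ "$(head -n 1 "$tmp")" != '#!/usr/bin/env python3' ]; then
        echo "unexpected first line in $src" >&2
        rm -f "$tmp"
        return 1
    fi

    # Owner-only read/write/execute, then move into place in one step.
    chmod 700 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage (run as the user that runs Certbot):
#   curl -o /tmp/acme-dns-auth.py <URL from the step above>
#   install_hook /tmp/acme-dns-auth.py "<recorded sha256>" /etc/letsencrypt/acme-dns-auth.py
```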

