This article provides a step-by-step guide on how to install SSL/TLS certificates from Let’s Encrypt on Apache. The tutorial is accompanied by a video tutorial created by. The article begins by outlining the necessary modifications to the httpd-vhosts.conf file, specifically adding a new line under the [VirtualHost *:443] section. It then proceeds to provide instructions on setting up a new account and making the required changes to the httpd.conf file. Following this, the article details the steps for creating the necessary directories, setting permissions, and restarting Apache.
It then transitions to the process of applying for the SSL/TLS certificate through the SSL For Free website. The article advises on selecting the Manual Verification option and emphasizes the importance of ensuring the entered domain can be accessed from the internet. The remaining steps include uploading the verification file, verifying the success, downloading the certificate files, and moving them to a secure location. Finally, the tutorial provides instructions for configuring the httpd-vhost.conf file and testing the installation on multiple websites.
Installation and Setup
Creating a new account on the FreeBSD server
To begin the installation and setup process for SSL/TLS certificates on your FreeBSD
server, you will first need to create a new account. This account will allow you to upload the necessary files and complete the certificate application process. Once you have created the account, you will be able to proceed with the installation.
Modifying httpd.conf
After creating the new account, the next step is to modify the httpd.conf file. This file is responsible for the configuration of the Apache HTTP Server. You will need to add a line to this file in order to enable SSL/TLS functionality. Locate the line that says “Listen 443” and remove the comment symbol to uncomment it. Save the file after making the modification.
Modifying httpd-vhosts.conf
Next, you will need to modify the httpd-vhosts.conf file. This file contains the virtual host configuration settings for the Apache HTTP Server. Add the necessary configuration for the virtual hosts that will be using SSL/TLS certificates. Save the file after making the modifications.
Creating necessary directories
In order to complete the setup process, you will need to create some directories on the server. One important directory is .well-known/acme-challenge, which is used for domain verification during the certificate application process. Create this directory and any other necessary directories for your virtual hosts.
Setting ownership for directories
To ensure that you have the necessary permissions to upload files to the directories you created, you will need to set the ownership for these directories. Make sure that the owner has the appropriate permissions to upload the required files.
Restarting Apache httpd
After completing all the necessary modifications and directory creations, you will need to restart the Apache httpd service. This will ensure that the changes take effect and that the server is ready to handle SSL/TLS connections.
Certificate Application
Accessing SSL For a Free Website
Once the server is set up and ready, you can proceed with the certificate application process. Start by accessing the SSL For Free website. This website provides a simplified way to obtain SSL/TLS certificates from Let’s Encrypt.
Logging in or registering
On the SSL For Free website, you will have the option to either login or register for an account. If you have not created an account yet, click on “Register” and fill in the required information. If you already have an account, click on “Login” and enter your email and password.
Starting certificate application
After logging in or completing the registration process, you can start the certificate application. Click on the SSL FOR FREE option located in the top left corner of the website. Enter the URL(s) for which you want to obtain the certificates, separating multiple URLs with spaces. Once the URLs are entered, click on “Create Free SSL Certificate”.
Verifying domain manually
It is important to note that before proceeding with the manual verification process, you should ensure that the URLs you entered can be accessed from the internet. This is because Let’s Encrypt will attempt to access these URLs during the verification process. Download the verification files provided on the website and proceed to the next step.
Uploading Files
Connecting to the server via FTP software
To upload the verification files to the server, you will need to connect to the server using an FTP software of your choice. Enter the necessary server credentials to establish the connection.
Uploading verification files
Once connected to the server via FTP, navigate to the directory where you created the .well-known/acme-challenge directory. Upload the verification files to this directory.
Verifying successful upload
To ensure that the verification files have been successfully uploaded to the server, you can click on the provided link in step 5 of the certificate application process. This link should show that the verification was successful.
Downloading SSL certificate files
After verifying the successful upload of the verification files, you can proceed to download the SSL certificate files from the SSL For Free website. Click on “Download SSL Certificate” followed by “Download All SSL Certificate Files”.
Uploading the downloaded certificate files
Once you have downloaded the certificate files, upload them to the server using the same FTP software you used earlier.
Moving certificates to a secure location
For security purposes, it is recommended to move the uploaded certificate files to a more secure location on the server. This will help protect the files and ensure that they are not accessible to unauthorized users.
Configuration
Setting up VirtualHost configuration in httpd-vhost.conf
To configure the virtual hosts to use the SSL/TLS certificates, you will need to make further modifications to the httpd-vhost.conf file. Add the appropriate VirtualHost configuration for each website that will be using SSL/TLS.
Specifying correct paths for SSLCertificateFile and SSLCertificateKeyFile
In the VirtualHost configuration, you will need to specify the correct paths for the SSLCertificateFile and SSLCertificateKeyFile directives. These paths should point to the location of the certificate files you uploaded earlier. Make sure to save the changes after modifying the file.
Restarting Apache httpd
To apply the configuration changes, you will need to restart the Apache httpd service. This will ensure that the modifications take effect and that the SSL/TLS certificates are properly utilized.
Testing
Verifying successful installation for site1
After restarting the Apache httpd service, you can verify the successful installation of the SSL/TLS certificate for site1. Access the website using HTTPS in your web browser and check for the presence of the SSL lock icon.
Verifying successful installation for site2
Repeat the same process as above to verify the successful installation of the SSL/TLS certificate for site2. Access the website using HTTPS and check for the SSL lock icon.
Checking certificate information
To further validate the installation, you can check the certificate information for each website. This can be done using various methods, such as viewing the certificate details in the web browser or using SSL certificate inspection tools.
In conclusion, installing and setting up SSL/TLS certificates from Let’s Encrypt via SSL For Free on Apache in FreeBSD requires several steps. By following the detailed process outlined in this article, you can successfully secure your websites with SSL/TLS certificates and provide a secure browsing experience for your users. Remember to regularly renew your certificates before they expire to ensure continued security.