apache-https-setup
Apache HTTPS Setup Guide (Let’s Encrypt + Certbot)
This document describes how to configure Apache HTTP Server to serve a website securely over HTTPS using Let’s Encrypt SSL certificates and Certbot, with automatic HTTP → HTTPS redirection.
Table of Contents
- Prerequisites
- Directory Structure
- Install Required Packages
- Configure HTTP VirtualHost
- Obtain SSL Certificate
- Configure HTTPS VirtualHost
- Enable HTTP → HTTPS Redirect
- Apache Configuration Verification
- Auto-Renewal of Certificates
- Troubleshooting
- Best Practices
1. Prerequisites
- Linux server (Ubuntu / Debian recommended)
- Apache HTTP Server installed
- Domain name pointing to the server IP
- Ports 80 and 443 open in firewall
- Root or sudo access
2. Directory Structure
Example web root:
/srv/example/public
Apache configuration directories:
/etc/apache2/sites-available/
/etc/apache2/sites-enabled/
/etc/letsencrypt/live/
3. Install Required Packages
sudo apt update
sudo apt install apache2
sudo apt install certbot python3-certbot-apache
Enable SSL module:
sudo a2enmod ssl
sudo systemctl reload apache2
4. Configure HTTP VirtualHost (Port 80)
sudo nano /etc/apache2/sites-available/example.conf
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /srv/example/public
    <Directory /srv/example/public>
        AllowOverride All
        Require all granted
        DirectoryIndex index.html index.php
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/example_error.log
    CustomLog ${APACHE_LOG_DIR}/example_access.log combined
</VirtualHost>
Enable site:
sudo a2ensite example.conf
sudo systemctl reload apache2
5. Obtain SSL Certificate
sudo certbot --apache -d example.com
Choose redirect to HTTPS when prompted.
6. HTTPS VirtualHost (Port 443)
Certbot creates:
/etc/apache2/sites-available/example-le-ssl.conf
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /srv/example/public
    <Directory /srv/example/public>
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
7. Enable HTTP → HTTPS Redirect
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
8. Apache Configuration Verification
sudo apache2ctl configtest
sudo apache2ctl -S
9. Auto-Renewal of Certificates
Test the renewal process with a dry run:
sudo certbot renew --dry-run
10. Troubleshooting
- Enable SSL module if missing
- Ensure certificate files exist
- Ensure only one port 80 VirtualHost exists
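The last two checks in this list can be scripted. The following is an added example, not part of the original guide: the function names dup_http_vhosts, missing_cert_files and make_sample are hypothetical, and the sample site files are constructed in a temporary directory (they model the port 80 VirtualHosts from steps 4 and 7 both being enabled, plus a missing privkey.pem).

```shell
#!/bin/sh
# Added example (not from the guide): audit Apache site files for two of the
# troubleshooting items above. Function names are hypothetical.

# Print "<count> <name>" for each ServerName declared in more than one *:80 vhost.
dup_http_vhosts() {      # $1 = directory holding *.conf site files
    cat "$1"/*.conf 2>/dev/null | awk '
        tolower($1) ~ /^<virtualhost/   { in80 = ($2 ~ /:80>$/) }
        tolower($1) ~ /^<\/virtualhost/ { in80 = 0 }
        in80 && tolower($1) == "servername" { n[$2]++ }
        END { for (s in n) if (n[s] > 1) print n[s], s }'
}

# Print each SSLCertificateFile / SSLCertificateKeyFile path that is not readable.
missing_cert_files() {   # $1 = directory holding *.conf site files
    cat "$1"/*.conf 2>/dev/null |
    awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { print $2 }' |
    while read -r path; do
        [ -r "$path" ] || echo "$path"
    done
}

# Constructed sample: two port 80 vhosts for example.com and an HTTPS vhost
# whose key file is deliberately absent. Prints the directory it created.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<VirtualHost *:80>' '    ServerName example.com' \
        '    DocumentRoot /srv/example/public' '</VirtualHost>' > "$d/example.conf"
    printf '%s\n' '<VirtualHost *:80>' '    ServerName example.com' \
        '    Redirect permanent / https://example.com/' '</VirtualHost>' > "$d/redirect.conf"
    printf '%s\n' '<VirtualHost *:443>' '    ServerName example.com' '    SSLEngine on' \
        "    SSLCertificateFile $d/fullchain.pem" \
        "    SSLCertificateKeyFile $d/privkey.pem" '</VirtualHost>' > "$d/example-le-ssl.conf"
    : > "$d/fullchain.pem"   # certificate present, privkey.pem missing
    echo "$d"
}

sample=$(make_sample)
echo "Duplicate port 80 VirtualHosts:"; dup_http_vhosts "$sample"
echo "Unreadable certificate files:";   missing_cert_files "$sample"
rm -rf "$sample"
```

On a real server, point both functions at /etc/apache2/sites-enabled; sudo apache2ctl -S from step 8 shows which VirtualHost Apache actually selected for each name.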
11. Best Practices
- Always use HTTPS
- Enable HSTS
- Avoid editing Certbot-managed files
Final Result
✔ HTTPS enabled
✔ HTTP → HTTPS redirect
✔ Automatic renewal