How To Install Let’s Encrypt On Debian 12

lets encrypt logo header

In this tutorial you will learn how to Install LAMP and Let’s Encrypt SSL on Debian 12.

LAMP is short for Linux, Apache, MySQL, PHP. Its a term used when we are building a standard web server which is includes the operating system, the web server software, the database software and the server side scripting language to pull it all together making this a must have if you are running web services.

Let’s Encrypt is a free service that allows us to secure our websites with TLS (SSL), this encrypts the traffic from the server to your web browser, or can be used to secure other services such as email.

Transport Layer Security (TLS) is widely used for security and communication and has evolved from SSL, although TLS is now the standard used for encryption, it is still referred to as SSL although technically speaking SSL is an older protocol.

Traditionally we would need to buy an SSL certificate from a 3rd party such as Comodo, this requires creating a certificate signing request (CSR) and sending it over to Comodo to be digitally signed.

Once they have signed the request, a certificate is then sent back which requires to be installed on the server. The process time consuming especially if there are multiple servers to carry out this task on. Let’s Encrypt allows us to do this on the server automatically, more importantly its free.

If you’re offered a seat on a rocket ship, don’t ask what seat! Just get on.”

Sheryl Sandberg

Requirements

  • You will need a Server from a reliable provider like Sebae
  • Your Server should be the latest Debian release, currently version 12
  • You will need root access to the server

Like most Operating Systems, they should be kept up to date. We have created an article that shows how to keep your Debian release up to date, leaving you do to other things.

You can follow our tutorial on how to keep Debian automatically updated.

Before You Begin

Login to your VPS as root, and get the OS up to date.

apt update && apt upgrade

let the process run, once finished Debian should be ready.

Step 1: Install LAMP On Debian 12

First of all, we need to download and install our LAMP stack on Debian. To do this run the following command:

apt-get install apache2 mariadb-server php php-cli php-common libapache2-mod-php wget -y

Next run the following commands to enable the services so they start at reboot, note this should be already done automatically as part of the install.

systemctl start apache2
systemctl enable apache2
systemctl start mariadb
systemctl enable mariadb

Once complete, we can verify Apache is running with the following command;

systemctl status apache2

The output should be similar as below

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Wed 2023-12-06 22:10:14 GMT; 35s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 17834 (apache2)
      Tasks: 6 (limit: 4653)
     Memory: 16.0M
        CPU: 37ms
     CGroup: /system.slice/apache2.service
             ├─17834 /usr/sbin/apache2 -k start
             ├─17836 /usr/sbin/apache2 -k start
             ├─17837 /usr/sbin/apache2 -k start
             ├─17838 /usr/sbin/apache2 -k start
             ├─17839 /usr/sbin/apache2 -k start
             └─17840 /usr/sbin/apache2 -k start

Dec 06 22:10:14 debiantraining systemd[1]: Starting apache2.service - The Apache HTTP Server...

You can also verfiy Apache is accessible by entering the URL of your server like this:

http://IP_Server_Address
install-debian-apache

If everything is looking like the above then we now have Apache & MariaDB installed and running.

Step 2: Create A New Apache Virtual Host

Now we need to create a virtual host which is essentially another website running on the same server.

To create it run the following command:

nano /etc/apache2/sites-available/blog.mydomain.com.conf 

Add the following lines to the file:

 <VirtualHost *:80>
        ServerName blog.mydomain.com 
        ServerAdmin info@mydomain.com 
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost> 

Now save and close the files.

Next, lets enable the new Apache virtual host by running the following command:

a2ensite blog.mydomain.com.conf 

Now the new Apache virtual host is active.

Step 3: Installing Let’s Encrypt On Debian 12

Now we have LAMP installed, the next step is to install Let’s Encrypt. To do this we first need to install the Certbot tool.

Run the following command to install the package:

apt -y install certbot python3-certbot-apache

Now we can run the tool to get Let’s Encrypt certifificates. Please note, you must have a valid domain for this to work.

The server must also be contactable from the internet on ports 80 and 443, if not the process will fail.

Lets get our certificate by running the following command:

certbot --apache -d mydomain.com
install-lets-encrypt-debian

When you first run the command, the wizard will ask you to agree to the licence agreement and ask you to provide an email address.

Next the wizard will run the http challange request and obtain the Let’s Encrypt certificate.

The wizard will also ask if you wish to configure https redirection, simply accept this by entering number 2 and the wizard will redirect all traffic on port 80 to 443 (SSL). This is the correct way to setup SSL.

Now your website is secured with an SSL certificate.

Step 3: Check Let’s Encrypt Automatic Renewal

The Let’s Encrpt certifcates have a defaut life time of 3 months and the certbot’s automated renewal process is configured to renew when there is less than 30 days remaining.

To check the timer is running, run the following command:

systemctl status certbot.timer

The output should look like this

● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; preset: enabled)
     Active: active (waiting) since Wed 2023-12-06 22:13:57 GMT; 6s ago
    Trigger: Thu 2023-12-07 03:53:28 GMT; 5h 39min left
   Triggers: ● certbot.service

Dec 06 22:13:57 debiantraining systemd[1]: Started certbot.timer - Run certbot twice daily.

Finally we can test a dry run of the renewal process by running the following command:

certbot renew --dry-run

The installation is now complete and your site is now secured by an SSL.

If your running a highly secure website, such as passing sensitive customer data then we still recommend you purchase a 3rd party SSL certificate. Although Let’s Encrypt is free to use, the short life time can potentially leave your site insecure if the automatic renewal process fails to renew.

Now we have learned how to install LAMP and Let’s Encrypt SSL on Debian 12.

If you would like further help you can get in touch with us.

Total
1
Shares
Leave a Reply
Previous Post
citrix logo header

Citrix Server Idle Timer Policy does not take effect for Server VDA

Next Post
exchange server header

Servicing Exchange Server 2019

Related Posts