In this tutorial you will learn how to Install LAMP and Let’s Encrypt SSL on Debian 12.
LAMP is short for Linux, Apache, MySQL, PHP. Its a term used when we are building a standard web server which is includes the operating system, the web server software, the database software and the server side scripting language to pull it all together making this a must have if you are running web services.
Let’s Encrypt is a free service that allows us to secure our websites with TLS (SSL), this encrypts the traffic from the server to your web browser, or can be used to secure other services such as email.
Transport Layer Security (TLS) is widely used for security and communication and has evolved from SSL, although TLS is now the standard used for encryption, it is still referred to as SSL although technically speaking SSL is an older protocol.
Traditionally we would need to buy an SSL certificate from a 3rd party such as Comodo, this requires creating a certificate signing request (CSR) and sending it over to Comodo to be digitally signed.
Once they have signed the request, a certificate is then sent back which requires to be installed on the server. The process time consuming especially if there are multiple servers to carry out this task on. Let’s Encrypt allows us to do this on the server automatically, more importantly its free.
If you’re offered a seat on a rocket ship, don’t ask what seat! Just get on.”
Sheryl Sandberg
Requirements
- You will need a Server from a reliable provider like Sebae
- Your Server should be the latest Debian release, currently version 12
- You will need root access to the server
Like most Operating Systems, they should be kept up to date. We have created an article that shows how to keep your Debian release up to date, leaving you do to other things.
You can follow our tutorial on how to keep Debian automatically updated.
Before You Begin
Login to your VPS as root, and get the OS up to date.
apt update && apt upgrade
let the process run, once finished Debian should be ready.
Step 1: Install LAMP On Debian 12
First of all, we need to download and install our LAMP stack on Debian. To do this run the following command:
apt-get install apache2 mariadb-server php php-cli php-common libapache2-mod-php wget -y
Next run the following commands to enable the services so they start at reboot, note this should be already done automatically as part of the install.
systemctl start apache2
systemctl enable apache2
systemctl start mariadb
systemctl enable mariadb
Once complete, we can verify Apache is running with the following command;
systemctl status apache2
The output should be similar as below
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Wed 2023-12-06 22:10:14 GMT; 35s ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 17834 (apache2)
Tasks: 6 (limit: 4653)
Memory: 16.0M
CPU: 37ms
CGroup: /system.slice/apache2.service
├─17834 /usr/sbin/apache2 -k start
├─17836 /usr/sbin/apache2 -k start
├─17837 /usr/sbin/apache2 -k start
├─17838 /usr/sbin/apache2 -k start
├─17839 /usr/sbin/apache2 -k start
└─17840 /usr/sbin/apache2 -k start
Dec 06 22:10:14 debiantraining systemd[1]: Starting apache2.service - The Apache HTTP Server...
You can also verfiy Apache is accessible by entering the URL of your server like this:
http://IP_Server_Address
If everything is looking like the above then we now have Apache & MariaDB installed and running.
Step 2: Create A New Apache Virtual Host
Now we need to create a virtual host which is essentially another website running on the same server.
To create it run the following command:
nano /etc/apache2/sites-available/blog.mydomain.com.conf
Add the following lines to the file:
<VirtualHost *:80>
ServerName blog.mydomain.com
ServerAdmin info@mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Now save and close the files.
Next, lets enable the new Apache virtual host by running the following command:
a2ensite blog.mydomain.com.conf
Now the new Apache virtual host is active.
Step 3: Installing Let’s Encrypt On Debian 12
Now we have LAMP installed, the next step is to install Let’s Encrypt. To do this we first need to install the Certbot tool.
Run the following command to install the package:
apt -y install certbot python3-certbot-apache
Now we can run the tool to get Let’s Encrypt certifificates. Please note, you must have a valid domain for this to work.
The server must also be contactable from the internet on ports 80 and 443, if not the process will fail.
Lets get our certificate by running the following command:
certbot --apache -d mydomain.com
When you first run the command, the wizard will ask you to agree to the licence agreement and ask you to provide an email address.
Next the wizard will run the http challange request and obtain the Let’s Encrypt certificate.
The wizard will also ask if you wish to configure https redirection, simply accept this by entering number 2 and the wizard will redirect all traffic on port 80 to 443 (SSL). This is the correct way to setup SSL.
Now your website is secured with an SSL certificate.
Step 3: Check Let’s Encrypt Automatic Renewal
The Let’s Encrpt certifcates have a defaut life time of 3 months and the certbot’s automated renewal process is configured to renew when there is less than 30 days remaining.
To check the timer is running, run the following command:
systemctl status certbot.timer
The output should look like this
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; preset: enabled)
Active: active (waiting) since Wed 2023-12-06 22:13:57 GMT; 6s ago
Trigger: Thu 2023-12-07 03:53:28 GMT; 5h 39min left
Triggers: ● certbot.service
Dec 06 22:13:57 debiantraining systemd[1]: Started certbot.timer - Run certbot twice daily.
Finally we can test a dry run of the renewal process by running the following command:
certbot renew --dry-run
The installation is now complete and your site is now secured by an SSL.
If your running a highly secure website, such as passing sensitive customer data then we still recommend you purchase a 3rd party SSL certificate. Although Let’s Encrypt is free to use, the short life time can potentially leave your site insecure if the automatic renewal process fails to renew.
Now we have learned how to install LAMP and Let’s Encrypt SSL on Debian 12.
If you would like further help you can get in touch with us.