Setup SSL on an Azure Ubuntu VM running Apache

Setting up an own SSL certificate was never easier and cheaper as nowadays. With Lets Encrypt free SSL certificates are just one Github repository away. In this post I want to show you, how to setup SSL for your Ubuntu VM on Azure, while running an Apache web server.

Setup SSL Azure Apache

As always before we begin, get the system up to date:

sudo apt-get update
sudo apt-get upgrade -y

Install Lets Encrypt for Apache

After the system update / upgrade we want to install git, just use the following command:

sudo apt-get install git -y
view raw Install Git hosted with ❤ by GitHub

When Git is installed we can clone the Lets Encrypt repo. The first parameter is the Lets Encrypt Github repository, the second parameter the folder you want to clone it on your machine.
sudo git clone /your/path/your-letsencrypt-folder

If you successfully cloned the repos cd into the Lets Encrypt folder and enter the following command:
letsencrypt-auto --apache -d -d

For Apache, the installation is very simple, the first parameter will setup your new SSL certificate for your Apache installation, the second parameter will take your domain, if needed set it up with and without www upfront.

Setup your Azure VM

While the dependencies get installed, we can setup the SSL security group in Azure. In the endpoint settings or in your network interface security group (depending of your VM), you have to setup a new security group for port 443.

Setup SSL Azure Settings

Give your rule a name, set it to TCP and allow all connections to the 443 destination port and hit save. That’s all.

Finish the Lets Encrypt setup

Back on the Ubuntu VM, we have to finish the Lets Encrypt setup.

First we have to provide an email address:

Setup SSL Lets Encrypt Email

Next we have to agree to the ToS:

Setup SSL Lets Encrypt Success TOS

In the next step we have choose if our website is served in HTTP and HTTPS or in HTTPS only. Make your choice and hit OK.

Setup SSL Lets Encrypt HTTP HTTPS

If everything worked out you will see the following screen:

Setup SSL Lets Encrypt Success

To test your new certificate just hit this URL, make sure to replace my domain with yours.

You should see something like this:

Setup SSL Check 1 Setup SSL Check 2

In contrast to the image on top, your browser should now show that your site provide a private connection.

Setup SSL Check 3

Renewing your certificate

Your certificate is only valid for 90 days, so you have to make sure to renewal it at least once in this period, to do so you just have to enter the following command:

letsencrypt-auto renew

To automate this process, you can find nicely written instructions in the following articles:

You may also like...