Set up SSL on an Azure Ubuntu VM running Apache
Setting up your own SSL certificate has never been easier or cheaper than it is today. With Let's Encrypt, free SSL certificates are just one GitHub repository away. In this post I want to show you how to set up SSL for your Ubuntu VM on Azure while running an Apache web server.
As always before we begin, get the system up to date:
|sudo apt-get update|
|sudo apt-get upgrade -y|
Install Let's Encrypt for Apache
After the system update and upgrade we want to install Git. Just use the following command:
|sudo apt-get install git -y|
When Git is installed we can clone the Let's Encrypt repo. The first parameter is the Let's Encrypt GitHub repository, the second is the folder on your machine you want to clone it into.
|sudo git clone https://github.com/letsencrypt/letsencrypt /your/path/your-letsencrypt-folder|
Once you have successfully cloned the repo, cd into the Let's Encrypt folder and enter the following command:
|./letsencrypt-auto --apache -d your-own-domain.at -d www.your-own-domain.at|
For Apache the installation is very simple: the first parameter sets up your new SSL certificate for your Apache installation, and the second takes your domain. If needed, pass it both with and without www up front.
Set up your Azure VM
While the dependencies are being installed, we can set up the SSL security group in Azure. In the endpoint settings or in your network interface security group (depending on your VM), you have to add a new rule for port 443.
Give your rule a name, set it to TCP and allow all connections to the 443 destination port and hit save. That’s all.
Finish the Let's Encrypt setup
Back on the Ubuntu VM, we have to finish the Let's Encrypt setup.
First we have to provide an email address:
Next we have to agree to the ToS:
In the next step we have to choose whether our website is served over HTTP and HTTPS or over HTTPS only. Make your choice and hit OK.
If everything worked out you will see the following screen:
To test your new certificate just hit this URL, make sure to replace my domain with yours.
You should see something like this:
In contrast to the image on top, your browser should now show that your site provides a private connection.
Renewing your certificate
Your certificate is only valid for 90 days, so you have to make sure to renew it at least once in this period. To do so you just have to enter the following command:
To automate this process, you can find nicely written instructions in the following articles:
- Setup a cron job from Erika Heidi in How To Secure Apache with Let’s Encrypt on Ubuntu 16.04
- Use systemd from Sheogorath in Let’s encrypt: Renew all your certificates using systemd
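An automated renewal that stops working goes unnoticed until the 90 days run out, so it helps to check the served certificate independently of the renewal job. The following Python check is an added example, not part of the original post: it verifies that both names passed with -d are covered and that enough validity remains. The 30-day threshold, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

RENEW_BEFORE_DAYS = 30  # assumed alert threshold; the post only states 90-day validity

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "your-own-domain.at"),),
}


def fetch_cert(host, port=443, timeout=10):
    """Fetch the server certificate; chain and hostname are verified."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_left(cert, now=None):
    """Whole days until notAfter (negative once expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def audit(cert, expected_names, now=None, renew_before=RENEW_BEFORE_DAYS):
    """Return a list of problems; an empty list means the certificate is fine."""
    # Exact-name comparison against the DNS entries of subjectAltName.
    covered = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    problems = []
    missing = sorted({n.lower() for n in expected_names} - covered)
    if missing:
        problems.append("not covered by certificate: " + ", ".join(missing))
    remaining = days_left(cert, now)
    if remaining < 0:
        problems.append("certificate expired %d days ago" % -remaining)
    elif remaining < renew_before:
        problems.append("only %d days left, renewal is overdue" % remaining)
    return problems


def check_host(host, expected_names):
    """Live check; a failed handshake (expired, wrong host) is itself a finding."""
    try:
        return audit(fetch_cert(host), expected_names)
    except (ssl.SSLError, OSError) as exc:
        return ["TLS connection failed: %s" % exc]
```

Run `check_host("your-own-domain.at", ["your-own-domain.at", "www.your-own-domain.at"])` from a machine other than the web server, so the check also exercises the port 443 rule.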