DEBIAN - APACHE2 - INSTALL SSL-CERTIFICATE WITH CERTBOT Prerequisites + A running instance of Debian 12 + Apache web server installed and running + Domain name pointing to your server's public IP address Step 1: Install Certbot Certbot is an easy-to-use automated client that fetches and deploys SSL/TLS certificates for your web server. To install Certbot and its Apache plugin, use the following commands: # Update the package list $ sudo apt update -y # Install Certbot's Apache package $ sudo apt install python3-certbot-apache -y Step 2: Obtain an SSL Certificate With Certbot installed, you can now obtain an SSL certificate for your domain: # Obtain an SSL certificate and configure Apache to use it $ sudo certbot --apache -d yourdomain.com -d www.yourdomain.com Follow the on-screen prompts to complete the process. Certbot will modify your Apache configuration files to use the new SSL certificate. Step 3: Verify Auto-Renewal Let's Encrypt certificates are valid for 90 days, but Certbot can automatically renew them. Verify that the auto-renewal process is set up correctly: # Test the renewal process $ sudo certbot renew --dry-run If the dry run is successful, Certbot will automatically renew your certificates before they expire. Step 4: Enhance Security Settings Beyond installing the SSL certificate, it's advisable to adjust your Apache configuration to use strong encryption protocols and ciphers. Edit your domain's SSL configuration file, often found in /etc/apache2/sites-available/yourdomain.com-le-ssl.conf, to include the following settings: ... SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!aNULL:!MD5 ... After making changes, restart Apache to apply the new security settings: # Restart Apache $ sudo systemctl restart apache2 Conclusion Securing Apache with an SSL certificate from Let's Encrypt is a straightforward process that significantly improves the security posture of your web services. By following the steps outlined above, you can ensure that your Apache server on Debian 12 is using a trusted certificate, making communication with your users secure. For organizations looking to maintain high security standards without the overhead of handling it in-house, the option to hire remote DevOps engineers can provide the expertise needed to manage and secure web server environments efficiently.