Let's Encrypt (Certbot)

Apache + SSL + Certbot in 5 Steps

Step 1: Install Apache

apt update
apt install apache2
systemctl enable apache2
systemctl start apache2

Step 2: Enable Required Modules

a2enmod ssl
a2enmod rewrite
systemctl restart apache2

Step 3: Create VirtualHost

# /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html/example.com

    <Directory /var/www/html/example.com>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

a2ensite example.com.conf
systemctl reload apache2

Step 4: Install Certbot

apt install certbot python3-certbot-apache

Step 5: Obtain Certificate

certbot --apache -d example.com -d www.example.com

Certbot will:

Verify domain ownership via HTTP challenge
Obtain certificate from Let’s Encrypt
Automatically configure Apache for HTTPS
Set up auto-renewal

Auto-Renewal

Certbot installs a systemd timer. Verify it:

systemctl status certbot.timer
certbot renew --dry-run

Certificates renew automatically when they are within 30 days of expiry.