SSL – TecAdmin: How-to guides for system administrators and developers
https://tecadmin.net

How to Generate Let’s Encrypt SSL using Certbot
https://tecadmin.net/how-to-generate-lets-encrypt-ssl-using-certbot/
Sun, 18 Sep 2022 05:21:14 +0000

Let’s Encrypt is a free, automated, and open certificate authority: it lets you create and install free TLS certificates in your web server with a few command-line arguments. With Let’s Encrypt, you can provide HTTPS on your website for every user without spending money or worrying about renewal dates.

Certbot provides an easy way to generate free Let’s Encrypt certificates for websites, so that they can serve their content over HTTPS. In this article, we will see how to use Certbot to automate the process of generating Let’s Encrypt certificates.

Step 1 – Installing Certbot

Most Linux systems have the certbot package in their default package repositories. Certbot is a tool to obtain certificates from Let’s Encrypt and configure them on your web server. The Snap package is the easiest way to install certbot on an Ubuntu system.

Open a terminal and execute the below command to install certbot:

sudo snap install --classic certbot 

Once a new certbot version is available, Snap will auto-update the package.

Step 2 – Generate SSL Certificate with Certbot

Now you can request SSL certificates from Let’s Encrypt. We discuss 4 methods to get a new SSL certificate; which one applies depends on the web server running on your system, including the case where no web server is running at all.

So choose the correct method as per the environment:

  1. No Web Server Running

    If you don’t have any web server running on your system, you can use the --standalone option to complete the domain validation by starting a dummy web server. This option needs to bind to port 80 in order to perform domain validation.

    sudo certbot certonly --standalone 

    If you are running certbot for the first time, it will prompt you to accept the terms and provide an email address for sending notifications.

    You can also provide the inputs on the command line, for example:

    sudo certbot certonly --standalone -d example.com --staple-ocsp -m me@example.com --agree-tos 

  2. Certbot with Apache

    On systems running the Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select the appropriate numbers to request a certificate.

    sudo certbot --apache 

    This will read the Apache configuration files and list all the configured domain names. Enter the number of the domain you want to issue a certificate for. You can input multiple comma-separated numbers.

    Once the domain ownership is verified, the certificate will be issued and the Apache configuration file will be created with SSL settings.

  3. Certbot with Nginx

    For systems running the Nginx web server, use the below command to request the SSL certificates.

    sudo certbot --nginx -d example.com -d www.example.com 

  4. Some Other Web Server Running

    For systems running any web server other than Apache or Nginx, you can get the certificate only and configure it manually.

    This command will ask you for the domain name and document root for the domain.

    sudo certbot certonly --webroot 

    You can also pass the domain name and/or document root on the command line.

    sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com 

While using the above commands, the domain must be pointed to the server in DNS. Also, ensure that /.well-known/acme-challenge is served by the web server.

Step 3 – View Certificate Files

Once a certificate is issued by the Let’s Encrypt authority, all the certificate files are created under the /etc/letsencrypt directory. If your domain name is example.com, then the files will be created at the below location.

ls -l /etc/letsencrypt/live/example.com/ 
Output:
-rw-r--r-- 1 root root 692 Mar 9 06:59 README
lrwxrwxrwx 1 root root 37 Sep 6 09:56 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 38 Sep 6 09:56 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 42 Sep 6 09:56 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 40 Sep 6 09:56 privkey.pem -> ../../archive/example.com/privkey1.pem

Replace example.com with your domain name to get the correct files.

Conclusion

Let’s Encrypt is a certificate authority that provides free SSL certificates for public websites. We can issue certificates for any number of domains. The SSL certificates are issued for 3 months only, after which you need to renew them. Certbot is a command-line utility that helps to manage Let’s Encrypt SSL certificates. With the help of certbot we can issue a new certificate, renew it, and delete it.

Hope this tutorial helps you to work with Certbot for managing the SSL certificate on your system.

How to Delete a Let’s Encrypt Certificate using Certbot
https://tecadmin.net/delete-lets-encrypt-certificates-using-certbot/
Thu, 02 Jun 2022 08:50:48 +0000

Certbot is a free and open-source software tool used for managing the Let’s Encrypt certificates. This tool allows users to issue certificates in a single command and also configure the web servers.

By default, certbot stores all the client certificates under the below-mentioned directories. We do not recommend deleting these files manually. In this tutorial, we will discuss deleting unused SSL certificates using the Certbot command line.

  • /etc/letsencrypt/live
  • /etc/letsencrypt/renewal
  • /etc/letsencrypt/archive

Delete a Let’s Encrypt SSL Certificate

Certbot provides an option to delete certificates for you. To delete an SSL certificate, run the following command.

sudo certbot delete 

This command will show you an index from which you can select the domain name to delete the associated certificate. Just type the index number of the domain name that you want to delete and hit Enter. The issued certificate and the other associated files will be deleted.

Deleting Let’s Encrypt certificate using certbot

You can also specify the domain name with the certbot command as below. This could be helpful if the domain name does not appear in the index list.

sudo certbot delete --cert-name example.com

That’s it.

Conclusion

This tutorial helped you to delete a Let’s Encrypt SSL certificate using the certbot command-line tool.

How to Install and Secure Apache on Debian11
https://tecadmin.net/how-to-install-apache-on-debian-11/
Fri, 03 Sep 2021 04:46:16 +0000

The Apache HTTP web server is one of the most widely used web servers, especially on Linux distributions. It is free, cross-platform, and used by a vast number of websites on the internet. Apache uses HTTP to process requests and serve web content. It has tons of useful features, and its functionality can be enhanced with extra modules. It also allows programmers to publish their work on the internet.

So, in this article, we will discuss the installation of the Apache web server and how to secure it after installation on Debian 11.

Requirements

Before installation, you must be logged into the Debian system with sudo privileges. We also recommend completing the initial server setup on newly installed Debian 11 systems.

Step 1 – Installing Apache on Debian

The latest version of the Apache packages is available in the default Debian 11 repository, so we can install it directly using the package manager.

After login, open the terminal and update the apt cache with the below-mentioned command:

sudo apt update 

After updating the apt cache, install Apache2 on your Debian 11 Bullseye with the command:

sudo apt install apache2 

Press “y” for any confirmation prompted by the installer.

Once the installation process is completed, verify the installed Apache version by running the following command:

apache2 -v 
Output:
Server version: Apache/2.4.48 (Debian)
Server built: 2021-08-12T11:51:47

Another way to verify the installation of Apache is by accessing the Apache2 default page using your server’s IP address or hostname. If you don’t know your server’s IP address, run the below-mentioned command first:

hostname -I 
Check IP Address of Local System

Enter your server’s hostname or IP address in the URL bar of the browser and press Enter. The Apache2 Debian Default page will open as shown below:

Apache default page on Debian 11

Step 2 – Managing the Apache Service

After successful installation, the Apache service can be managed using “systemctl” commands. Run the below-mentioned command to check the status of the server:

sudo systemctl status apache2.service 
Check Apache Service Status on Debian 11

Press “q” to quit. A few commands to manage the Apache service in Debian 11 are:

To start the server use the command:

sudo systemctl start apache2.service 

Similarly, to stop the service, replace start with stop in the above command:

sudo systemctl stop apache2.service 

The service can be restarted using:

sudo systemctl restart apache2.service 

Step 3 – Configuring Firewall Settings

If your system has a firewall, you’ll need to authorize access to certain web ports so that external users can utilize them. Run the below-mentioned commands to allow port 80 (HTTP) and 443 (HTTPS) in the Debian terminal:

sudo ufw allow 80/tcp 
sudo ufw allow 443/tcp 
Allow HTTP and HTTPS port in UFW

Now verify by checking the status:

sudo ufw status 

If it is not active, enable it using:

sudo ufw enable 

Step 4 – Creating Virtual Host in Apache

In Apache, virtual hosts allow you to operate numerous websites on a single server. In this step, we’ll create a virtual host for a website called sample.com, starting from the server block that comes standard with Apache.

Let’s start by setting up your Apache server’s first virtual host. We’ll use the sample domain as “sample.com”, but you can name it according to your preference:

sudo mkdir -p /var/www/sample.com 

Now change the owner and permissions with the below-mentioned commands:

sudo chown -R www-data:www-data /var/www/sample.com 
sudo chmod -R 755 /var/www/sample.com 

To test our sample.com site, we’ll now create an example index page. To do so, run the below-mentioned command, which uses the nano editor to create an HTML file:

sudo nano /var/www/sample.com/index.html 

Insert the below-mentioned content into the index page, then press Ctrl+O to save the file and Ctrl+X to exit the file and return to the terminal:

<html>
 <head>
   <title>Welcome to the page sample.com!</title>
 </head>
 <body>
   <h1>Congratulations! Your sample.com server succeeded!</h1>
 </body>
</html>

By running the below-mentioned command in a terminal, we’ll create a virtual host file, which will serve the content of the site:

sudo nano /etc/apache2/sites-available/sample.com.conf 

A text file will open. Insert the following content:

<VirtualHost *:80>
  ServerAdmin admin@sample.com
  ServerName sample.com
  ServerAlias www.sample.com
  DocumentRoot /var/www/sample.com
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Press Ctrl+O to save the file and Ctrl+X to exit the file and return to the terminal.

Step 5 – Enabling the Domain Configuration

Run the following command to turn on the virtual host file:

sudo a2ensite sample.com.conf 

Disable the default Apache configuration by running the below-mentioned command:

sudo a2dissite 000-default.conf 

Apply the new changes to Apache by running the below-mentioned command:

sudo systemctl restart apache2 

Step 6 – Resolve Hostname Error

Now we have to check our configuration for any syntax errors. To test the configuration, run the below-mentioned command:

sudo apache2ctl configtest 
Could not resolve system hostname issue with Apache

This will cause an error, but don’t worry, we will resolve it. Create a new configuration file “servername.conf” and edit it in a text editor:

sudo nano /etc/apache2/conf-available/servername.conf 

Now insert the following content into the file:

ServerName sample.com

Press Ctrl+O to save the file and Ctrl+X to exit the file. Make sure to replace “sample.com” with your actual domain name. Now, to enable the servername configuration, run the below-mentioned command:

sudo a2enconf servername 

Now run the above command again to test the configuration:

sudo apache2ctl configtest 

You will see that the hostname error is resolved now.

Step 7 – How to secure Apache2 on Debian 11

To secure the Apache server, edit the “security.conf” file. Run the below-mentioned command to open the file:

sudo nano /etc/apache2/conf-enabled/security.conf 

Insert or update the below content into the file:

ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header always append X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection: "1; mode=block"
Header always set X-Content-Type-Options: "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Save the file and close it.

Set the server-wide SSLCipherSuite and SSLProtocol to use secure ciphers to serve the website by editing the ssl.conf file:

sudo nano /etc/apache2/mods-enabled/ssl.conf 

Now insert the below-written content into the file and press Ctrl+O to save the file and Ctrl+X to exit the file:

SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5

Now restart Apache to apply the configuration:

sudo systemctl restart apache2.service 

That’s it. You have successfully installed and secured the Apache server.
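
To confirm that the settings from Step 7 are really active in the files you edited, the following read-only check can be run against them. It is an added example, not part of the original tutorial; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the Step 7 directives. On a real host:
#   audit_apache_hardening /etc/apache2/conf-enabled/security.conf /etc/apache2/mods-enabled/ssl.conf

# Print the last value set for a directive across the given files. Comment
# lines are skipped and names compared case-insensitively, as Apache does.
directive_value() (
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    awk -v want="$want" '
        /^[ \t]*#/ { next }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$@"
)

# Print the legacy protocols (SSLv3, TLSv1, TLSv1.1) an SSLProtocol value
# leaves enabled. mod_ssl rules: "+x" adds, "-x" removes, and a token
# without a sign replaces everything set before it.
legacy_protocols() (
    set -- $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    s3=0; t10=0; t11=0
    for tok in "$@"; do
        case "$tok" in
            [+-]*) ;;
            *) s3=0; t10=0; t11=0; tok="+$tok" ;;
        esac
        case "$tok" in
            +all)     s3=1; t10=1; t11=1 ;;
            -all)     s3=0; t10=0; t11=0 ;;
            +sslv3)   s3=1 ;;  -sslv3)   s3=0 ;;
            +tlsv1)   t10=1 ;; -tlsv1)   t10=0 ;;
            +tlsv1.1) t11=1 ;; -tlsv1.1) t11=0 ;;
        esac
    done
    out=""
    if [ "$s3" = 1 ]; then out="$out SSLv3"; fi
    if [ "$t10" = 1 ]; then out="$out TLSv1"; fi
    if [ "$t11" = 1 ]; then out="$out TLSv1.1"; fi
    printf '%s' "${out# }"
)

# Succeed if an active (uncommented) Header directive sets the named header.
has_header() (
    hdr="$1"; shift
    grep -Eiq "^[[:space:]]*Header[[:space:]]+(always[[:space:]]+)?(set|append|add|merge)[[:space:]]+\"?${hdr}:?\"?[[:space:]]" "$@"
)

# Print one FAIL line per missing or weak setting; succeed only if none.
audit_apache_hardening() (
    fails=0
    for pair in ServerTokens=prod ServerSignature=off TraceEnable=off; do
        v=$(directive_value "${pair%%=*}" "$@")
        if [ "$(printf '%s' "$v" | tr '[:upper:]' '[:lower:]')" != "${pair#*=}" ]; then
            echo "FAIL ${pair%%=*} is '${v:-unset}', expected ${pair#*=}"
            fails=$((fails + 1))
        fi
    done
    for h in X-Frame-Options X-XSS-Protection X-Content-Type-Options Strict-Transport-Security; do
        if ! has_header "$h" "$@"; then
            echo "FAIL no active Header directive sets $h"
            fails=$((fails + 1))
        fi
    done
    proto=$(directive_value SSLProtocol "$@"); legacy=$(legacy_protocols "$proto")
    if [ -z "$proto" ] || [ -n "$legacy" ]; then
        echo "FAIL SSLProtocol '${proto:-unset}' enables: ${legacy:-server defaults}"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
)

# Constructed sample input: a default-style file and the file after Step 7.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
ServerTokens OS
ServerSignature On
TraceEnable Off
#Header set X-Content-Type-Options: "nosniff"
SSLProtocol all -SSLv3
EOF
    cat > "$1/after.conf" <<'EOF'
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header always append X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection: "1; mode=block"
Header always set X-Content-Type-Options: "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
SSLProtocol -all +TLSv1.2
EOF
}

d=$(mktemp -d) && write_samples "$d" && {
    echo "== before.conf"; audit_apache_hardening "$d/before.conf" || true
    echo "== after.conf";  audit_apache_hardening "$d/after.conf" && echo "no findings"
    rm -rf "$d"
}
```

The Header lines are only accepted when mod_headers is enabled (sudo a2enmod headers); the apache2ctl configtest command from Step 6 reports a missing module before you restart.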

Conclusion

Apache Web Server is an open-source server used by many websites on the internet, and it allows developers to publish their work on the internet. This server is available on all operating systems, but in this article we discussed its installation on the latest version of Debian (Linux OS) and also showed how to test and secure it after a successful installation. You will be able to successfully install Apache2 on Debian 11 Bullseye and configure the server after going through this guide.

How To Secure Tomcat with Let’s Encrypt SSL
https://tecadmin.net/how-to-install-lets-encrypt-ssl-with-tomcat/
Wed, 24 Mar 2021 18:34:57 +0000

Let’s Encrypt is a certificate authority that provides valid SSL certificates to be used for the web application. It provides certificates freely for everyone with some restrictions.

Security first should be the rule of thumb for any organization that wants to protect its hard-won code from hackers. It becomes even more important when application data travels over public networks. For this situation, we need to implement end-to-end encryption using TLS.

This tutorial helps you to issue a new let’s encrypt SSL certificate and configure it with the Tomcat web server.

Prerequisites

This tutorial doesn’t cover the Tomcat installation. We are assuming that you already have a Tomcat server running on your system. You can visit Tomcat installation tutorials.

Step 1 – Installing Certbot

Certbot is a command-line utility to create and manage Let’s Encrypt SSL certificates. It is available for most operating systems.

Debian-based users can install certbot by running the following command. Other operating system users can install it from here.

sudo apt install certbot 

Next, create the SSL certificate for your domain. Make sure the domain is already pointed to the tomcat server from DNS. For this tutorial, I am using the tomcat.tecadmin.net subdomain.

sudo certbot certonly --standalone -d tomcat.tecadmin.net 

Once the certificate is issued, you can see all the related files at the below location:

sudo ls /etc/letsencrypt/live/tomcat.tecadmin.net/ 
Output
cert.pem chain.pem fullchain.pem privkey.pem README

These are all the files you need for the SSL certificate setup.

Step 2 – Configure Tomcat with Let’s Encrypt SSL

Next, configure your Tomcat server to listen on the secure protocol. By default, Tomcat uses 8443 to listen for SSL/TLS requests.

Copy the SSL certificate and private key files to the /opt/tomcat/conf directory:

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
sudo cp {cert,chain,privkey}.pem /opt/tomcat/conf/ 

Then edit the conf/server.xml file available under the Tomcat home directory. In my case Tomcat is installed under /opt/tomcat, so use the below command to edit the configuration file.

sudo nano /opt/tomcat/conf/server.xml 

Remove <!-- and --> to uncomment the following section in the configuration file. Also add the certificate section with your certificate files. The configuration will look like this:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"
                 certificateChainFile="conf/chain.pem" />
        </SSLHostConfig>
    </Connector>

Press CTRL+O to save changes and CTRL+X to exit from the editor.

Now, restart the Tomcat service to apply changes.

sudo systemctl restart tomcat 

That’s it. You have configured Let’s Encrypt SSL with Tomcat.

The next step is to verify the setup.

Step 3 – Verify Tomcat SSL Certificate

By default, Tomcat with SSL listens on port 8443. Use your domain with port 8443 to access Tomcat over the secure socket layer.

  • https://tomcat.tecadmin.net:8443

Setup lets encrypt ssl with tomcat

That’s it. You have successfully configured Let’s Encrypt SSL with Tomcat.

Step 4 – Renew SSL Certificate

The default Let’s Encrypt SSL certificates expire in 90 days. You can easily refresh your SSL certificate anytime within 30 days of expiration.

Type the below command to refresh the SSL certificate.

sudo certbot certonly --standalone -d tomcat.tecadmin.net 

Once the certificate is successfully renewed, copy the newly generated certificate files to the Tomcat conf directory.

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
sudo cp {cert,chain,privkey}.pem /opt/tomcat/conf 

Restart the Tomcat service to apply changes.

sudo systemctl restart tomcat 
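
Certbot can run the copy and restart steps above itself: after each successful renewal, certbot renew executes the scripts in /etc/letsencrypt/renewal-hooks/deploy/ with RENEWED_LINEAGE set to the certificate's live directory. The hook below is an added example, not part of the original tutorial; the function name, the TOMCAT_CONF, TOMCAT_GROUP and CERT_NAME variables and the "tomcat" group are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the Tomcat layout used on this page.
# Save as an executable file in /etc/letsencrypt/renewal-hooks/deploy/.
# Assumption: Tomcat runs under a group named "tomcat"; override the
# variables below if your install differs.

TOMCAT_CONF="${TOMCAT_CONF:-/opt/tomcat/conf}"
TOMCAT_GROUP="${TOMCAT_GROUP:-tomcat}"
CERT_NAME="${CERT_NAME:-tomcat.tecadmin.net}"

# Copy cert.pem, chain.pem and privkey.pem from a certbot lineage directory
# into dest. All three are checked before anything is written; each file is
# created under a tight umask, given its final mode, and only then renamed
# into place, so the private key is never world-readable.
deploy_tomcat_certs() (
    lineage="$1"; dest="$2"
    for f in cert.pem chain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "missing or empty: $lineage/$f" >&2
            exit 1
        fi
    done
    umask 077
    for f in cert.pem chain.pem privkey.pem; do
        tmp="$dest/.$f.new"
        cat "$lineage/$f" > "$tmp" || exit 1
        if [ "$f" = privkey.pem ]; then mode=640; else mode=644; fi
        chmod "$mode" "$tmp" || exit 1
        # Group read access lets Tomcat load the key without owning it.
        chgrp "$TOMCAT_GROUP" "$tmp" 2>/dev/null ||
            echo "warning: could not set group $TOMCAT_GROUP on $f" >&2
        mv -f "$tmp" "$dest/$f" || exit 1
    done
)

# certbot exports RENEWED_LINEAGE only when it calls this file as a deploy
# hook. Hooks in that directory run for every renewed certificate, so act
# only on the one Tomcat uses.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    case "$RENEWED_LINEAGE" in
        */live/"$CERT_NAME")
            deploy_tomcat_certs "$RENEWED_LINEAGE" "$TOMCAT_CONF" &&
                systemctl restart tomcat ;;
    esac
fi
```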

Conclusion

In this tutorial, you have learned to set up a Let’s Encrypt SSL certificate with the Tomcat web server. It also provides you with the steps to renew your SSL certificate.

Adding Let’s Encrypt SSL to Webmin Hostname
https://tecadmin.net/adding-lets-entrypt-ssl-to-webmin-hostname/
Fri, 12 Feb 2021 17:32:53 +0000

By default, Webmin listens on port 10000 with a self-signed SSL certificate. You will see a security warning in the web browser saying that the certificate is not trusted. Many organizations do not allow the use of self-signed certificates for several reasons.

Let’s Encrypt is a free and open certificate authority run by the non-profit Internet Security Research Group (ISRG). It provides free SSL certificates for domains, valid for 90 days. You can easily renew certificates manually before expiration or schedule them to renew automatically.

This tutorial describes how to set up a Let’s Encrypt SSL certificate with the Webmin hostname.

Change Webmin Hostname

First, make sure you have a valid domain name configured with Webmin. Choose a domain name (subdomain) for Webmin and update the DNS entry to point the domain to the Webmin server.

Change the system hostname from the Webmin dashboard. Log in to Webmin using an admin account:

Webmin change system hostname

This will change the hostname of the system. Also make an entry in the /etc/hosts file to bind the hostname to the localhost IP address.

Configure Let’s Encrypt Certificate in Webmin

Now you have configured a fully qualified domain as the system hostname. Again, make sure the domain is properly pointed to your Webmin server IP address. You can use an online tool to verify the DNS records.

Let’s configure Let’s Encrypt SSL for Webmin:

  1. Go to Webmin (in left sidebar)
  2. Click Webmin Configuration
  3. Click on “SSL Encryption” as shown in screenshot

    Webmin SSL Center

  4. Go to the “Let’s Encrypt” tab
  5. Enter your hostname under “Hostnames for certificate”. For example, I have used webmin.tecadmin.net.
  6. Select “Other directory” Under Website root directory for validation file and set path as “/var/www/html”
  7. Under “Months between automatic renewal”, set the value to 1. This allows the SSL certificate to be auto-renewed 1 month before expiry.

    Webmin SSL Cert for Hostname

  8. Verify all details again and press Request Certificate button
  9. On success, you will see a result like below.
    Webmin SSL installed
  10. All done

Let’s Encrypt SSL certificate is successfully configured for the Webmin hostname.

Test SSL Certificate

Access the Webmin interface with https protocol using the system hostname on port 10000. You will see a valid ssl certificate in your browser.

For example: https://webmin.tecadmin.net:10000

Webmin with Lets Encrypt Certificate

Conclusion

This tutorial described how to configure a Let’s Encrypt SSL certificate with the Webmin hostname.

You can also verify the SSL certificate using an online SSL checker tool. Make sure to enter the full URL with the port.

How to Setup Let’s Encrypt (Certbot) on Ubuntu 20.04
https://tecadmin.net/how-to-setup-lets-encrypt-on-ubuntu-20-04/
Mon, 07 Sep 2020 17:23:04 +0000

Certbot is a command-line utility for managing Let’s Encrypt SSL certificates on a Linux system. It allows you to request a new SSL certificate, do the authorization and configure your web server for SSL settings. It also helps you to renew certificates issued by the Let’s Encrypt certificate authority.

This tutorial helps you to install and use Certbot (A Let’s Encrypt client) on Ubuntu 20.04 LTS Linux system.

Prerequisites

You must fulfill the following:

  • A running Ubuntu 20.04 system with sudo privileged account access.
  • Apache web server with virtual host configured with a real domain or subdomain.
  • Domain or sub-domain must be pointed correctly to web server IP address.

Step 1 – Installing Certbot

Certbot is a tool to obtain certificates from Let’s Encrypt and configure them on your web server. The Snap package is the easiest way to install certbot on an Ubuntu system.

Open a terminal and execute the below command to install certbot:

sudo snap install --classic certbot 

Step 2 – Generate SSL Certificate

Now you can request SSL certificates from Let’s Encrypt based on your web server.

  1. Apache – On systems running the Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select the appropriate numbers to request a certificate.
    sudo certbot --apache 
    
  2. Nginx – For systems running the Nginx web server, use the below command to request the SSL certificates.
    sudo certbot --nginx 
    
  3. Get Certificate Only – For systems running any web server other than Apache or Nginx, you can get the certificate only and configure it manually.

    This command will ask you for the domain name and document root for the domain.

    sudo certbot certonly --webroot 
    
  4. No Web Server – Systems that have no web server running can also request an SSL certificate. The below command will ask you for the domain name and start a temporary web server on port 80 to complete the verification.
    sudo certbot certonly --standalone 
    

While using the above commands, the domain must be pointed to the server in DNS. Also, ensure that /.well-known/acme-challenge is served by the web server.
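
The requirement above (stated in the same words in the Certbot article earlier on this page) can be checked before calling certbot with --webroot. The script below is an added example, not part of the original tutorials; the function names and the probe file naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for "certbot certonly --webroot".
# Usage: sudo sh acme-precheck.sh /var/www/html example.com

# Fetch a URL and print the body. HTTP-01 validation starts on port 80 and
# follows redirects, so plain http:// with -L mirrors what the CA will do.
http_get() {
    curl -fsSL --max-time 10 "$1"
}

# Write a random probe file under <webroot>/.well-known/acme-challenge/,
# request it through the public name, and compare what comes back.
# Exit status: 0 = served correctly, 1 = not served, 2 = cannot write probe.
acme_webroot_precheck() (
    webroot="$1"; domain="$2"
    dir="$webroot/.well-known/acme-challenge"
    name="precheck-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    body="probe-$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    mkdir -p "$dir" || exit 2
    printf '%s' "$body" > "$dir/$name" || exit 2
    chmod 644 "$dir/$name"
    got=$(http_get "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null) || got=""
    rm -f "$dir/$name"
    if [ "$got" = "$body" ]; then
        echo "OK: $domain serves files from $dir"
    else
        echo "FAIL: $domain did not return the probe written to $dir" >&2
        echo "      check the DNS record, port 80 in the firewall, and the webroot path" >&2
        exit 1
    fi
)

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    acme_webroot_precheck "$1" "$2"
fi
```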

Step 3 – Test SSL

Once the SSL certificate is installed on the web server, visit https://your-domain.com/ in a web browser and look for the SSL lock icon in the URL bar. You can also do a security scan for the SSL setup on https://www.ssllabs.com/ssltest/.

Verify lets encrypt SSL

Step 4 – Renew SSL Certificate

A Let’s Encrypt certificate is issued for 3 months only. You should renew the certificate in the 30 days before it expires. Certbot allows a hassle-free renewal just by running a single command.

Run the below command to renew all the certificates on that system.

sudo certbot renew 

You can also run a dry run without actual renewal. This will help you to test if SSL renewal performs well.

sudo certbot renew --dry-run 

Conclusion

In this tutorial, you have learned to install certbot on an Ubuntu system. It also helped you to create new certificates for your web servers.

How to Install and Secure Apache on Ubuntu 20.04
https://tecadmin.net/install-apache-ubuntu-20-04/
Wed, 29 Apr 2020 17:04:42 +0000

This tutorial will help you to install the Apache web server on the Ubuntu 20.04 LTS (Focal Fossa) operating system. You will also learn how to secure your domain using a Let’s Encrypt SSL certificate. This tutorial will also work on Ubuntu 18.04, Ubuntu 16.04 and Ubuntu 19.10 Linux systems.

Before We Start

Before you begin your work, you need:

  • A running Ubuntu 20.04 system with shell access and sudo privileges.
  • The initial server setup instructions completed.
  • A domain name registered and pointed to your server’s public IP address. For this tutorial, we use webhost.tecadmin.net, which is pointed to our server.

Step 1 — Installing Apache

Apache packages are available under the default software repositories on Ubuntu. You can easily install it using the conventional package management tool.

First of all, update the local package index to reflect the latest upstream changes. Then install Apache2 web server.

sudo apt update
sudo apt install apache2

After the confirmation, apt will install Apache and other required dependencies on your system.

Step 2 — Test Your Web Server

Once the installation has finished, the Apache service will automatically start on your Ubuntu system. You can find the Apache service status by running the following command:

sudo systemctl status apache2

Sample output:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-04-26 05:28:08 UTC; 10min ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 15464 (apache2)
      Tasks: 55 (limit: 2283)
     Memory: 6.9M
     CGroup: /system.slice/apache2.service
             ├─15464 /usr/sbin/apache2 -k start
             ├─18646 /usr/sbin/apache2 -k start
             └─18647 /usr/sbin/apache2 -k start

Apr 26 05:28:08 tecadmin systemd[1]: Starting The Apache HTTP Server...
Apr 26 05:28:08 tecadmin systemd[1]: Started The Apache HTTP Server.

A status like “Active: active (running)” means the Apache service has started successfully. However, the best way to test the web server is to request a page from Apache in a web browser.

Apache default page ubuntu 20.04

You will see the default Apache landing page. It means the Apache web server is running properly on your system.

Step 3 — Create A Virtual Host

With the help of virtual hosts, you can host more than one domain from a single server. A virtual host encapsulates the configuration of a single domain. We will set up a virtual host with a sub-domain called webhost.tecadmin.net, but you should replace this with your own domain name.

Let’s start with a directory for our domain as follows:

sudo mkdir /var/www/webhost
sudo chmod -R 755 /var/www/webhost
sudo chown -R www-data:www-data /var/www/webhost

Next, create a sample index.html page to host on this subdomain. Edit this file in your favorite text editor like vim or nano:

sudo nano /var/www/webhost/index.html

Add the following sample HTML content:

<html>
  <head>
      <title>Welcome to TecAdmin.net!</title>
  </head>
  <body>
      <h1>Success!!!</h1>
  </body>
</html>

Save the file and close it.

With the newly installed Apache server, you will see a default virtual host configuration file located at /etc/apache2/sites-available/000-default.conf. But it is a good habit to create a separate configuration file for each virtual host. So create a new virtual host file as /etc/apache2/sites-available/webhost.tecadmin.net.conf:

sudo nano /etc/apache2/sites-available/webhost.tecadmin.net.conf

Add the following configuration to the virtual host file. Make sure to change the ServerAdmin email address and set ServerName to your domain name. You can also include ServerAlias to add more domains or subdomains. Then set DocumentRoot to the directory created above.

<VirtualHost *:80>
    ServerAdmin webmaster@tecadmin.net
    ServerName webhost.tecadmin.net
    #ServerAlias www.webhost.tecadmin.net   ##Uncomment it to use
    DocumentRoot /var/www/webhost
    <Directory /var/www/webhost>
       Allowoverride all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save the file and close it.

By default, Apache reads virtual host configuration files under the /etc/apache2/sites-available directory. Use the a2ensite tool to enable this virtual host:

sudo a2ensite webhost.tecadmin.net.conf

The above command creates a symbolic link to the webhost.tecadmin.net.conf file in the sites-available directory.

Once done, run the below command to verify the configuration files:

sudo apache2ctl configtest

You should see the following output:

Syntax OK

Next, restart the Apache service to apply your changes:

sudo systemctl restart apache2

Apache is ready to serve your content on your configured domain name. You can test this by navigating to http://webhost.tecadmin.net.

Step 4 — Configure Let’s Encrypt SSL

We use a Let’s Encrypt SSL certificate to secure the website on the Apache web server. Certbot is the command-line utility for working with Let’s Encrypt certificates. Run the following command to install the certbot binary:

sudo apt install python3-certbot-apache

This will install all the required packages for the certbot.

Once the installation process has finished, run the below command to request the Let’s Encrypt certificate authority to issue a certificate for our domain webhost.tecadmin.net. You can add multiple domains or subdomains using separate “-d” parameters.

sudo certbot -d webhost.tecadmin.net

The wizard will ask for your email address, which is used to send you updates. Then accept the Terms of Service to continue. Below is the complete log of the command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): webmaster@tecadmin.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for webhost.tecadmin.net
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/webhost.tecadmin.net-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/webhost.tecadmin.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/webhost.tecadmin.net-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/webhost.tecadmin.net.conf to ssl vhost in /etc/apache2/sites-available/webhost.tecadmin.net-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://webhost.tecadmin.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=webhost.tecadmin.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/webhost.tecadmin.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/webhost.tecadmin.net/privkey.pem
   Your cert will expire on 2020-07-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You have successfully configured your domain with an SSL certificate. Now, you can access your domain over the HTTPS protocol as shown in the screenshot below:

Apache with Lets encrypt SSL on ubuntu 20.04
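Certbot's closing notes above recommend a secure backup of /etc/letsencrypt, which holds the account credentials and private keys. The following is an added example, not part of the original tutorial: the function name `backup_letsencrypt` and the archive naming are assumptions. It archives the whole directory with owner-only permissions and checks that a real key file from archive/ was captured, since the files under live/ are only symbolic links.

```shell
#!/bin/sh
# Added example (not from the original tutorial): archive a Certbot
# configuration directory so that only the owner can read the result.

# backup_letsencrypt <config-dir> <dest-dir>
# Prints the path of the new archive on success.
# Exit status: 0 = ok, 1 = archive failed, 2 = not a Certbot directory.
backup_letsencrypt() (
    src=${1%/}
    dest=$2
    if [ ! -d "$src/live" ] || [ ! -d "$src/archive" ]; then
        echo "$src does not look like a Certbot directory" >&2
        exit 2
    fi
    # Private keys are inside: anything created here is owner-only
    # (0700 for a new destination directory, 0600 for the archive).
    umask 077
    mkdir -p "$dest" || exit 1
    out="$dest/letsencrypt-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # live/<domain>/*.pem are symlinks into archive/<domain>/; archiving
    # the whole directory keeps both the links and the real key files.
    tar -C "$(dirname "$src")" -czf "$out" "$(basename "$src")" || exit 1
    # Refuse to report success unless a real private key made it in.
    if ! tar -tzf "$out" | grep -q '/archive/.*/privkey[0-9]*\.pem$'; then
        echo "no private key found in $out" >&2
        rm -f "$out"
        exit 1
    fi
    echo "$out"
)

# Example invocation (destination path is a placeholder):
#   sudo sh backup-le.sh /etc/letsencrypt /root/le-backup
if [ $# -eq 2 ]; then backup_letsencrypt "$1" "$2"; fi
```

Run it as root, because the key files under /etc/letsencrypt are not readable by ordinary users.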

Step 5 — Adjust Firewall Rules

FirewallD lets you allow traffic by service name, such as “http” or “https”. To open the HTTP and HTTPS ports in FirewallD, run the commands below:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

Once you add the rules, reload changes using the following command.

sudo firewall-cmd --reload

Step 6 — Manage Apache Service

Now that you have your Apache web server up and running, let’s go through the Apache service management commands.

To stop Apache web server, type:

sudo systemctl stop apache2

To start Apache web server (if stopped), type:

sudo systemctl start apache2

To restart (stop and then start) Apache service, type:

sudo systemctl restart apache2

Instead of stopping and then starting a running server, use the reload option to apply configuration file changes without dropping current connections. But this will not read any new configuration file:

sudo systemctl reload apache2

To stop the Apache service from starting automatically on system boot, type:

sudo systemctl disable apache2

To make the Apache service start automatically on system boot, type:

sudo systemctl enable apache2

Conclusion

The Apache web server is running on your Ubuntu 20.04 LTS operating system.

The post How to Install and Secure Apache on Ubuntu 20.04 appeared first on TecAdmin.

How to Setup Let’s Encrypt SSL with Apache on Fedora
https://tecadmin.net/setup-lets-encrypt-ssl-with-apache-on-fedora/
Sat, 04 Apr 2020 05:48:29 +0000

Let’s Encrypt is a non-profit Certificate Authority (CA) managed by the Internet Security Research Group. It provides free SSL certificates for your domains to secure data on the transport layer. This tutorial will help you install and secure Apache with Let’s Encrypt on a Fedora system.

Prerequisites

  • A running Fedora system with shell access.
  • A domain or subdomain pointed to the server IP address via a public DNS server. For this tutorial, we use webhost.tecadmin.net.

Step 1 – Install Apache

First of all, install the Apache web server on your Fedora system. The default package repositories contain Apache packages. You can directly install them using the following command:

sudo dnf install httpd httpd-tools mod_ssl 

Step 2 – Create VirtualHost in Apache

For this tutorial, I have created an index.html file under the default document root. Similarly, you can place your application under the document root of your domain.

echo "<h2>Welcome to Secure TecAdmin.net</h2>" | sudo tee /var/www/html/index.html

After that, create a VirtualHost configuration file bound to port 80.

sudo vim /etc/httpd/conf.d/webhost.tecadmin.net.conf 

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName webhost.tecadmin.net
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Allowoverride all
    </Directory>
</VirtualHost>

Save and close the configuration file. Then restart the Apache service to reload the configuration file.

sudo systemctl restart httpd 

Step 3 – Setup Let’s Encrypt (Certbot) Client

Certbot is the ACME client application recommended by Let’s Encrypt for systems with shell access. It provides hassle-free automation of certificate issuance, installation, and renewal.

You can install the certbot package along with the certbot plugin for Apache using the following command:

sudo dnf install python3-certbot-apache 

The above command adds the certbot utility to your system. Execute the below command to get more help on the certbot command.

sudo certbot -h all 

Step 4 – Create Let’s Encrypt Certificate

Now, you can request Let’s Encrypt to issue an SSL certificate for your domain. Run the certbot command for the Apache server as follows:

sudo certbot --apache 

This will list all the virtual hosts configured with Apache on the current server. Select the appropriate numbers, separated by commas. See the screenshot below:

Using certbot on Fedora

Let’s Encrypt will start the verification process for your domain. Make sure the domain you selected is pointed to this server via the public DNS server.

On successful verification, an SSL certificate will be issued for your domain. A separate SSL VirtualHost configuration file will be created for your domain.

Please choose whether or not to redirect HTTP traffic to HTTPS:

  • 1: No redirect – Make no further changes to the webserver configuration.
  • 2: Redirect – Make all requests redirect to secure HTTPS access.

Free Lets Encrypt ssl on Fedora

Enter the number of your choice and press Enter. You can also change it later by directly editing the configuration files.

Once the SSL configuration has completed successfully, you will see a congratulations message on your screen.

Lets Encrypt on Fedora

Step 5 – Verify Certificate

The Let’s Encrypt SSL certificate has been successfully configured for your domain. This certificate is issued for 3 months only; you can renew it before expiration.

Let’s check the certificate by accessing your site in a web browser.

Let's encrypt Apache

Conclusion

You have successfully secured your website with a free Let’s Encrypt SSL certificate. Follow our next tutorial to set up Let’s Encrypt automatic SSL renewal with crontab. Fedora systems have TLS 1.2 and TLS 1.3 enabled by default.

The post How to Setup Let’s Encrypt SSL with Apache on Fedora appeared first on TecAdmin.

How to Install Let’s Encrypt SSL with IIS on Windows Server 2019
https://tecadmin.net/how-to-install-lets-encrypt-ssl-with-iis-on-windows-server-2019/
Tue, 24 Mar 2020 18:01:34 +0000

Let’s Encrypt is a certificate authority (CA) that provides free SSL certificates for websites. You can issue certificates for any domain name. It provides trusted SSL certificates, so you can also deploy them in production environments.

In order to use an SSL certificate, you must have a valid domain or subdomain name. Also, the domain must be pointed to the Windows server through the DNS server. For this tutorial, I have created a subdomain “secure.tecadmin.net” and pointed it to our Windows system.

This tutorial will help you install the Let’s Encrypt SSL certificate with IIS on Windows Server 2019.

Download Win-ACME Tool

Win-ACME is a simple ACME client for Windows, for use with the Let’s Encrypt SSL certificate authority.

First of all, download the latest Windows ACME Simple (WACS) application. This can be downloaded from the official GitHub releases page. Use the below link to visit the download page:

https://github.com/win-acme/win-acme/releases

At the time of writing this post, the downloaded archive is win-acme.v2.0.3.206.zip.

Create A New SSL Certificate

1. Once the Win-ACME archive file is downloaded, extract it on your Windows system. Go to the extracted directory and run wacs.exe as an administrator. The administrator privileges are required to access and modify IIS settings.

2. It will open a terminal window and show you multiple options on the screen. Select Create new certificate (simple for IIS) by pressing “N”.

3. This will show you the sites configured in IIS. Choose one or multiple sites with comma-separated numbers to issue an SSL certificate.

4. Select 1 when asked how you want to pick the bindings, and press Enter.

Then just press Enter for Include bindings:

5. Accept the terms by entering “yes” and press Enter to continue. Let’s Encrypt will initiate the domain authorization process over HTTP. Once the authorization has completed successfully, the SSL certificate is issued.

This will also associate SSL certificates with site bindings in IIS.

Test Certificate and Binding

Open the website over the HTTPS protocol in a web browser. You will see a valid SSL certificate in the browser. You can also verify SSL with the free ssllabs tool. This will also scan the security settings on your server.

You can also edit the site bindings to check whether SSL is properly configured.

Conclusion

This tutorial helped you create a new SSL certificate from Let’s Encrypt and configure it on an IIS website.

The post How to Install Let’s Encrypt SSL with IIS on Windows Server 2019 appeared first on TecAdmin.

How to Setup Let’s Encrypt SSL with Apache on CentOS 8
https://tecadmin.net/setup-letsencrypt-ssl-with-apache-on-centos-8/
Thu, 27 Feb 2020 06:50:33 +0000

Let’s Encrypt is a Certificate Authority (CA) that provides free SSL certificates for your domains to secure data on the transport layer. This tutorial will help you install and secure Apache with a free SSL certificate issued by Let’s Encrypt.

Prerequisites

  • A running CentOS 8 machine with shell access.
  • Follow the initial server setup steps for a newly installed machine.
  • A domain or subdomain pointed to the server IP address via a public DNS server. For this tutorial, we use webhost.tecadmin.net.

Step 1 – Install Apache

First of all, install the Apache server on your CentOS 8 machine. The Apache packages are available under the default repositories.

sudo dnf install httpd httpd-tools mod_ssl

Step 2 – Create VirtualHost with Port 80

For this tutorial, I have created an index.html file under the default document root. Similarly, you can place your application under the document root of your domain.

echo "<h2>Welcome to Secure TecAdmin.net</h2>" | sudo tee /var/www/html/index.html

After that, create a VirtualHost configuration file bound to port 80.

sudo vim /etc/httpd/conf.d/webhost.tecadmin.net.conf

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName webhost.tecadmin.net
    DocumentRoot /var/www/html
</VirtualHost>

Save and close the file. Restart the Apache service to reload the configuration.

sudo systemctl restart httpd.service

Step 3 – Setup Let’s Encrypt (Certbot) Client

Certbot is the ACME client application recommended by Let’s Encrypt for systems with shell access. It provides hassle-free automation of certificate issuance, installation, and renewal.

You can download the certbot-auto script from the official download page and put it under the /usr/sbin directory. Use the following commands to do it.

sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto

You also need to install all the dependencies certbot requires to work. The below command will install its dependencies on your system.

sudo certbot-auto --os-packages-only

Step 4 – Create Let’s Encrypt Certificate

Now, you can request Let’s Encrypt to issue an SSL certificate for your domain. Run the certbot-auto command for the Apache server as follows:

sudo certbot-auto --apache

This will list all the virtual hosts configured with Apache on the current server. Select the appropriate numbers, separated by commas. See the screenshot below:

Lets Encrypt Apache on CentOS 8

Let’s Encrypt will start the verification process for your domain. Make sure the domain you selected is pointed to this server via the public DNS server.

On successful verification, an SSL certificate will be issued for your domain. A separate SSL VirtualHost configuration file will be created for your domain.

Please choose whether or not to redirect HTTP traffic to HTTPS:

  • 1: No redirect – Make no further changes to the webserver configuration.
  • 2: Redirect – Make all requests redirect to secure HTTPS access.

Free Lets Encrypt ssl on CentOS 8

Enter the number of your choice and press Enter. You can also change it later by directly editing the configuration files.

Once the SSL configuration has completed successfully, you will see a congratulations message on your screen.

Lets Encrypt on CentOS 8

Step 5 – Verify Certificate

The Let’s Encrypt SSL certificate has been successfully configured for your domain. This certificate is issued for 3 months only; you can renew it before expiration.

Let’s check the certificate by accessing your site in a web browser.

Let's encrypt Apache
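Because the certificate in this step (and in the same step of the Fedora tutorial above) is valid for 3 months only, it helps to check the remaining lifetime from the shell as well as in the browser. The following is an added example, not code from the original tutorials: the function names and the 30-day warning threshold are assumptions, and the certificate path in the usage comment is the one printed in the certbot output of the Ubuntu tutorial. It requires GNU date and the openssl command.

```shell
#!/bin/sh
# Added example (not from the original tutorials): report how close a
# certificate is to expiry. Needs GNU date (-d) and the openssl CLI.

# days_left "notAfter=<date>" [now_epoch]
# Input is the line printed by `openssl x509 -enddate -noout`.
# Prints whole days remaining, rounded down (negative once expired).
days_left() (
    case $1 in
        notAfter=*) not_after=${1#notAfter=} ;;
        *) echo "unexpected input: $1" >&2; exit 2 ;;
    esac
    now=${2:-$(date -u +%s)}
    end=$(date -u -d "$not_after" +%s) || exit 2
    diff=$(( end - now ))
    # Shell division truncates toward zero; shift negatives to round down.
    [ "$diff" -lt 0 ] && diff=$(( diff - 86399 ))
    echo $(( diff / 86400 ))
)

# renewal_state <days_left> [threshold_days]
# threshold_days defaults to 30 (an assumption made for this example).
renewal_state() (
    threshold=${2:-30}
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$threshold" ]; then echo RENEW
    else echo OK
    fi
)

# check_cert <pem-file> [threshold_days]
# Exit status: 0 = OK, 1 = RENEW or EXPIRED, 2 = could not read the file.
check_cert() (
    # For fullchain.pem, openssl reads the first certificate (the leaf).
    line=$(openssl x509 -enddate -noout -in "$1") || exit 2
    days=$(days_left "$line") || exit 2
    state=$(renewal_state "$days" "${2:-30}")
    echo "$1: $state ($days days left)"
    [ "$state" = OK ]
)

# Usage on the server:
#   sudo sh certcheck.sh /etc/letsencrypt/live/webhost.tecadmin.net/fullchain.pem
if [ $# -gt 0 ]; then check_cert "$@"; fi
```

The non-zero exit status for RENEW and EXPIRED makes the script usable from cron or a monitoring check.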

Conclusion

You have successfully secured your website with a free Let’s Encrypt SSL certificate. Follow our next tutorial to set up Let’s Encrypt automatic SSL renewal with crontab. CentOS 8 systems have TLS 1.2 and TLS 1.3 enabled by default.

The post How to Setup Let’s Encrypt SSL with Apache on CentOS 8 appeared first on TecAdmin.
