How to Secure Apache with Let’s Encrypt on Ubuntu 20.04

Secure Apache with Let's Encrypt on Ubuntu 20.04

In this article, we will have explained the necessary steps to install and configure Apache with Let’s Encrypt on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Let’s Encrypt is a certificate authority that provides free SSL certificates for the website, operating since April 2016, and supported by companies and internet organizations of the world such as Mozilla, Cisco, Chrome, Akamai, etc. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Certificates issued by Let’s Encrypt are valid for 90 days from the issue date and trusted by all major browsers today.


  • Operating System with Ubuntu 20.04
  • Server IPv4 Address with Superuser Privileges (Root Access)
  • Gnome Terminal for Linux Desktop
  • PuTTy SSH client for Windows or macOS
  • Powershell for Windows 10/11
  • Familiar with APT Commands

Secure Apache with Let’s Encrypt on Ubuntu 20.04

Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

sudo apt update
sudo apt upgrade
sudo snap install core
sudo snap refresh core

Step 2. Install Certbot.

Run this command on the command line on the machine to install Certbot:

sudo snap install --classic certbot

Next, the following instructions on the command line on the machine to ensure that the certbot command can be run:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

After that, run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step:

sudo certbot --apache

Step 3. Checking Certificate Status.

You can ensure that Certbot created your SSL certificate correctly by using the SSL Server Test from the cloud security company Qualys. Open the following link in your preferred web browser, replacing with your base domain:

Step 4. Set up automatic renewal Let’s Encrypt.

Let’s Encrypt’s certificates are valid for 90 days. To automatically renew the certificates before they expire, the certbot package creates a cronjob that runs twice a day and automatically renews any certificate 30 days before its expiration:

sudo certbot renew --dry-run

That’s all you need to do to secure Apache with Let’s Encrypt on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.