Support Online
MirrorLooking Glass
GenixNodeGenixNode
Client Panel
Skip to main content

Debian 10 Apache Let's Encrypt SSL Installation

If you want to install a free Let's Encrypt SSL certificate on an Apache web server running Debian 10, this guide gives you a complete installation process from start to finish.

This document covers not only SSL setup but also:

  • HTTPS redirect
  • Certbot automatic renewal
  • Apache VirtualHost verification
  • UFW firewall settings
  • Additional HTTPS security recommendations

All steps required in real production environments are covered.

Prerequisites

Before starting the installation, make sure you have the following requirements ready:

  • A server with Debian 10 installed (VPS / VDS / Dedicated / Cloud)
  • A user with authority sudo
  • Your domain name is directed to the server IP address

Example domain:

ornek.com www.ornek.com

Additionally, your Apache VirtualHost file must be created.

Example file path:

/etc/apache2/sites-available/ornek-com.conf

1. Certbot Installation (via Snap)

Since the Certbot version in the Debian 10 repositories is old, It is recommended to install an updated Certbot via Snap.

1.1 Update system packages

sudo apt update

1.2 Install Snapd package

sudo apt install snapd

1.3 Update Snap core package

sudo snap install core
sudo snap refresh core

1.4 Certbot installation

sudo snap install --classic certbot

1.5 Create Global Certbot connection

sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Checking Apache VirtualHost Configuration

Apache VirtualHost configuration must be correct before SSL installation.

Open the VirtualHost file:

sudo nano /etc/apache2/sites-available/ornek-com.conf

Make sure the following line is included in the file:

ServerName ornek.com

Test Apache configuration:

sudo apache2ctl configtest

If there are no errors, reload the Apache service:

sudo systemctl reload apache2

3. UFW Firewall Settings

For Let's Encrypt verification, HTTP (80) and HTTPS (443) ports must be open.

Check UFW status:

sudo ufw status

Grant full profile permission to Apache:

sudo ufw allow 'WWW Full'

You can remove the old HTTP rule:

sudo ufw delete allow 'WWW'

4. Getting a Let's Encrypt SSL Certificate

You can easily install the SSL certificate with the Certbot Apache plugin.

sudo certbot --apache -d ornek.com -d www.ornek.com

During installation, you will be asked for the following information:

E-posta adresi Let's Encrypt kullanım şartları onayı HTTP → HTTPS yönlendirmesi tercihi

After the installation is completed, you can test your site at:

https://ornek.com

If the kilit icon appears in the browser, SSL has been successfully established.

5. Certbot Automatic Certificate Renewal

Let's Encrypt certificates 90 gün are valid.

Certbot adds auto-refresh task to the system cron görevlerine.

You can run the following command to test the refresh process:

sudo certbot renew --dry-run

If the test is successful, certificates will be automatically renewed.

Additional HTTPS Security Recommendations HTTP → HTTPS Zorunlu Yönlendirme

You can add the following rules to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
HSTS Güvenlik Başlığı

You can enable HSTS by adding the following line into Apache VirtualHost.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Location of Certificate Files

Let's Encrypt certificates are stored in the following directory:

/etc/letsencrypt/live/alanadiniz/

It is recommended that you do not delete this folder and back it up regularly.

Frequently Asked Questions

Why install Certbot with Snap?

The version of Certbot in the Debian 10 package repository may be outdated. You can use the most up-to-date and secure Certbot version by installing via Snap.

Where are SSL certificates stored?

Certificates are located in the following directory:

/etc/letsencrypt/live/alanadiniz/

What to do if the HTTP → HTTPS redirect is not automatic?

Redirection can be done by adding a RewriteRule to the Apache VirtualHost file or .htaccess file.

What to check if SSL is not working?

It is recommended that you make the following checks:

Is port 443 open, is the Apache configuration correct, is the apache2ctl configtest Domain DNS A record directed to the correct IP address?

Result

With this guide, Apache Let's Encrypt SSL installation on Debian 10 is completed. Your website is now streaming securely over HTTPS.

Thanks to Let's Encrypt and Certbot, SSL certificates are automatically renewed and can be used for free.