Appincuba
Posted on 03 dec, 2019

Implement Let’s Encrypt on Google App Engine Ubuntu 16.04 LTS Apache

Let’s Encrypt is an open source certificate authority that provides free SSL certificates using the ACME protocol. It is backed by big brands such as Cisco, Mozilla and Facebook, with a mission to secure the internet, and is today supported by major cloud platforms and operating systems.

Step One — Create A Backup of Virtual Host Files

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf

The file looks like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Step Two — Install Certbot by running the following commands

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache

Step Three — Obtain and install the certificate with the Certbot Apache plugin

Certbot has an Apache plugin that can install the certificate automatically based on the ServerName and ServerAlias of the virtual host. Running this command will automatically obtain certificates for the listed domains:

$ sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?

1: example.com

2: www.example.com

Step Four — Automating renewal

Let’s Encrypt certificates are valid for 90 days, so they have to be renewed regularly. The certbot package installs a cron job on the server that regularly checks for certificates close to expiry and renews them automatically. The following command tests that the renewal process works, without changing the installed certificates:

$ sudo certbot renew --dry-run
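
To confirm that the scheduled renewal keeps working, the script below (an added example, not part of the original post) reads the output of `certbot certificates` and lists every certificate with fewer than 30 days left, the point at which Certbot normally renews. The sample output and its domain names are constructed, and the `Certificate Name:` / `Expiry Date: ... (VALID: N days)` layout is assumed to match what the installed Certbot version prints.

```shell
#!/bin/sh
# Added example: flag certificates that the automatic renewal has missed.
# A certificate still below the renewal threshold means the cron job
# from Step Four is not doing its work and needs attention.

# Constructed sample of `sudo certbot certificates` output (not real data).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2020-03-02 10:15:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2019-12-15 08:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/shop.example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2019-11-20 08:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.example.com/privkey.pem'

# stale_certs [THRESHOLD_DAYS]
# Reads `certbot certificates` output on stdin and prints "name: status"
# for every certificate with fewer than THRESHOLD_DAYS (default 30) left.
stale_certs() {
  awk -v limit="${1:-30}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      status = $0
      sub(/^[^(]*[(]/, "", status)     # drop everything up to "("
      sub(/[)][ \t]*$/, "", status)    # drop the closing ")"
      if (status ~ /^VALID: [0-9]+ days?$/) {
        split(status, f, " "); days = f[2] + 0
      } else if (status ~ /^VALID: [0-9]+ hour/) {
        days = 0                       # less than one day left
      } else {
        days = -1                      # any INVALID state, e.g. EXPIRED
      }
      if (days < limit) print name ": " status
    }'
}

# Demo on the constructed sample. On the server itself:
#   sudo certbot certificates 2>/dev/null | stale_certs 30
printf '%s\n' "$SAMPLE_OUTPUT" | stale_certs 30
```

Any line printed by the script names a certificate that should already have been renewed, so an empty result is the healthy state.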

Step Five — Enable HTTPS support in GCP App Engine firewall settings

1. Go to the Instance Detail and click Edit

2. Enable HTTPS support in the firewall settings

Step Six — Enable port 443 for HTTPS support

1. Go to Network Details

2. Add a firewall rule if one was not created automatically

Step Seven — Restart Apache

Restart the Apache service so that the new virtual host and certificate configuration take effect.




About the Author
Saurabh Yadav
One of the most key aspects of DevOps is promoting increased communication and collaboration between members of a team. The DevOps culture uses automation of the software delivery process which promotes collaboration in the team by bringing together the responsibilities