Installing apache and SSL in Debian 12

sachin · October 24

Step 1 — Installing Apache

Apache is available within Debian 12 default software repositories, which means you can install it with the apt package manager.

apt install apache2

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Step 2 — Checking your Web Server

systemctl enable apache2
systemctl start apache2
systemctl status apache2

Step 3 — Disabling default web server

a2dissite 000-default.conf

Step 4 — Setting Up Virtual Hosts

Add in the following configuration block, and change the your_domain domain to your domain name: nano /etc/apache2/sites-available/app.example.com.conf

<VirtualHost *:80>

ServerAdmin email@app.example.com
ServerName app.example.com
ServerAlias app.example.com

DocumentRoot /var/www/app.example.com
DirectoryIndex index.php index.html

ErrorLog ${APACHE_LOG_DIR}/app.example.com-error.log
CustomLog ${APACHE_LOG_DIR}/app.example.com-access.log combined

</VirtualHost>

and restart httpd service

apache2ctl configtest
a2ensite app.example.com.conf
mkdir /var/www/app.example.com
chown -R www:www /var/www/app.example.com
chmod -R 755 /var/www/app.example.com
systemctl restart apache2

You can test this by navigating to http://app.example.com, where you should see default apache page

Step 5 — Installing the Certbot Let’s Encrypt Client

To use Let’s Encrypt to obtain an SSL certificate, you first need to install Certbot and mod_ssl, an Apache module that provides support for SSL v3 encryption.

apt update
apt install certbot python3-certbot-apache

Step 5 — Obtaining a Certificate

certbot --apache -d app.example.com

The program will present you with a step-by-step guide to customize your certificate options. It will ask you to provide an email address for lost key recovery and notices, and then prompt you to agree to the terms of service. If you did not specify your domains on the command line, you will be prompted for that as well. If your Virtual Host files do not specify the domain they serve explicitly using the ServerName directive, you will be asked to choose the virtual host file. In most cases, the default ssl.conf file will work.

You will also be able to choose between enabling both http and https access or forcing all requests to redirect to https. For better security, it is recommended to choose the option 2: Redirect if you do not have any special need to allow unencrypted connections. Select your choice then hit ENTER.

You can test this by navigating to https://app.example.com, where you should see default apache page