How to Secure Apache with Let’s Encrypt SSL on Ubuntu 26.04

Free SSL certificates from Let’s Encrypt, managed by Certbot’s Apache plugin, give your Apache-hosted domains HTTPS encryption with minimal configuration and fully automatic renewals. This guide covers the complete process on Ubuntu 26.04 LTS.

Tested and valid on:

• Ubuntu 26.04 LTS

Prerequisites

• Ubuntu 26.04 LTS server with Apache installed
• A registered domain name pointing to your server
• Ports 80 and 443 open in UFW

Step 1 – Install Certbot and the Apache Plugin

sudo apt update
sudo apt install certbot python3-certbot-apache -y

Step 2 – Open HTTPS in UFW

sudo ufw allow 'Apache Full'
sudo ufw status

Step 3 – Obtain a Certificate

Certbot’s Apache plugin automatically edits your virtual host config:

sudo certbot --apache -d example.com -d www.example.com

Step 4 – Verify HTTPS is Working

curl -I https://example.com

Step 5 – Test Auto-Renewal

sudo certbot renew --dry-run

Step 6 – Check the Renewal Service

sudo systemctl status certbot.timer

Step 7 – Harden SSL Configuration

For stronger security, check Apache’s SSL config and disable old protocols:

sudo nano /etc/apache2/mods-available/ssl.conf

Ensure:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL

sudo systemctl restart apache2

Conclusion

Apache on your Ubuntu 26.04 LTS server now uses HTTPS with a trusted Let’s Encrypt certificate. The certificate renews automatically before expiry. Consider running an SSL scanner like SSL Labs to verify your configuration.