How to setup Lets Encrypt with Apache on Ubuntu 16.10

2016-12-08

This is going to explain how to setup Let’s Encrypt for a WordPress site using Apache on Ubuntu. This setup requires you to have root access to the web server.
Server Version: 16.10 (Yakkety Yak)
Apache Version: Apache/2.4.18 (Ubuntu)

First lets generate a Diffie-Helman Parameters file (This will take a while, can easily take 5+ minutes):

stupiderror@localhost:~$ sudo -i
[sudo] password for stupiderror:
stupiderror@localhost:~# openssl dhparam -out /etc/ssl/private/dhparams_4096.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
.....................................................................+..........

Now we will install certbot:

stupiderror@localhost:~# apt update
stupiderror@localhost:~# apt install python-certbot-apache
stupiderror@localhost:~# certbot --apache

Select the domain(s) that you want to enable HTTPS for.
Provide an email address.
Accept the Terms of Service.
Choose Easy or Secure. Easy will let your site be HTTP and HTTPS. Secure will make your site only HTTPS but will redirect anyone trying to use HTTP to HTTPS.

You can use a command like the following and avoid the menu, just substitute in your domain and email:

stupiderror@localhost:~# certbot --apache -d stupiderror.com -d www.stupiderror.com -m support@example.net --agree-tos

The last step is to add a cron entry to auto renew the certificate.

stupiderror@localhost:~# crontab -e
0 1 * * 0    /usr/bin/certbot renew >> /var/log/le-renew.log