This is how to create and install a self- Lets Encrypt Certificate on Apache. The process can be fully automated with the help of Certbot. Follow these steps.
1. Ensure there is a domain purchased and associated DNS setup to point to the server ip.
2. Ensure there is virtual host set up on the server. With the domain name set in the server name block. It is very important to ensure the ServerName directive is the same for the domain the certificate is for. e.g www.mysite.com. Check the conf files in the sites available directory.
sudo nano /etc/apache2/sites-available/www.mysite.com.conf
3. Any changes to the .conf files can be verified for syntax errors by running.
sudo apache2ctl configtest
4. If there are no errors, reload apache for any changes to be active.
sudo service apache2 reload
5. Now add the certbot repo.(May need to run sudo apt-get update first)
sudo add-apt-repository ppa:certbot/certbot
6. Install Certbot.
sudo apt install python-certbot-apache
7. Certbot can now be used to create and install the certificate. Use the -d flag for all domains the certificate needs to be used on.
sudo certbot --apache -d example.com -d www.example.com
8. Lets Encrypt certificates are only valid for 90 days. So a cron script is added /etc/cron.d which ensures the certificate is renewed automatically. To double and make sure its all working properly initiate dry run. If this runs smoothly everything is setup and https should be active on the domains specified.
sudo certbot renew --dry-run