- Update packages
- run "sudo apt update"
- run "sudo apt upgrade"
- Confirm Firewall rules
- run "sudo ufw status" to confirm if firewaal rules set. If not...
- run "sudo ufw allow ssh" "sudo ufw allow http" "sudo ufw allow https"
- enable ufw by running "sudo ufw enable"
- Install Snapd (installed by default on Ubuntu)
- run "sudo apt install snapd"
- run "sudo apt install core"
- run "sudo apt refresh core"
- Install Certbot
- run "sudo apt remove certbot"
- run "sudo snap install --classic certbot"
- Configure symbolic link
- run "sudo ln -s /snap/bin/certbot /usr/bin/certbot"
- Request TLS/SSL Certificate
- run "sudo certbot --apache"
- this command automatically configures the certificate on Apache.
- run "sudo certbot certonly --apache" to request certificate only and not configure
- follow prompts:"
- enter email address
- accept term of service
- subscribe to mailing list (optional)
- select domain name(s)
- certbot displays the domain names for selection based on virtual host files found
- request separate certificates with and without www prefix
- certbot should confirm certificates enabled and display details
- Test certificate
- add https://{domainname} to browser and look for padlock
- can also do an SSL Server Test
