How to Secure Apache with Let’s Encrypt on Debian 12

Introduction: Why HTTPS Matters

In today’s digital world, security is non-negotiable. Whether you're running a personal blog or managing a business website, encrypting traffic between your server and users is essential. That’s where Let’s Encrypt comes in — a free, automated certificate authority that simplifies securing your Apache web server with HTTPS.

In this tutorial, you’ll learn how to install and configure an SSL certificate for Apache using Let’s Encrypt on Debian 12.

Prerequisites

Before diving into the process, make sure you have:

• A Debian 12 server with Apache installed
• A domain name (e.g., yourdomain.com) pointed to your server’s IP
• Port 80 (HTTP) and 443 (HTTPS) open in your firewall
• A user with sudo privileges

Step 1: Install Certbot and the Apache Plugin

Certbot is the official tool to obtain and renew Let’s Encrypt certificates

sudo apt update
sudo apt install certbot python3-certbot-apache -y

Step 2: Ensure Your Apache Virtual Host is Set Up

Make sure your Apache virtual host file is correctly configured for your domain. For example

sudo nano /etc/apache2/sites-available/yourdomain.com.conf

Ensure it includes a ServerName directive

ServerName yourdomain.com
ServerAlias www.yourdomain.com

Then enable the virtual host

sudo a2ensite yourdomain.com.conf
sudo systemctl reload apache2

Step 3: Allowing HTTPS Through the Firewall

To additionally let in HTTPS traffic, allow the “WWW Full” profile and delete the redundant  “WWW” profile allowance  

sudo ufw allow 'WWW Full'
sudo ufw delete allow 'WWW'

Your status should now look like this  

sudo ufw status

Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
WWW Full                   ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
WWW Full (v6)              ALLOW       Anywhere (v6)

Step 4: Obtain an SSL Certificate

Run the following Certbot command to request and install your certificate

sudo certbot --apache

Certbot will prompt you to choose the domain and whether you want to redirect HTTP to HTTPS. Choose to redirect it's the most secure option.

Step 5: Automate SSL Renewal

Let’s Encrypt certificates are valid for 90 days, but Certbot can automatically renew them.

To check renewal:

sudo certbot renew --dry-run

A systemd timer runs automatically, but it’s good practice to verify it’s working.

Step 6: Test Your SSL Configuration

Visit https://yourdomain.com in your browser you should see the padlock icon next to the URL. You can also test your setup using SSL Labs’ SSL Test.

Conclusion

Congratulations! Your Apache server on Debian 12 is now secured with a free SSL certificate from Let’s Encrypt. Not only have you protected your users’ data, but you've also improved your SEO rankings and gained visitor trust.

Power Your Digital Growth with Technology Elevator

At Technology Elevator, we don't just write guides — we build solutions. Whether you're setting up secure servers or launching full-scale web and mobile applications, our experts are here to elevate your tech.

🔥 What we offer:

• Custom Web & App Development
• End-to-end Cloud & Hosting Solutions
• Cybersecurity and Server Hardening
• SEO-Driven Digital Marketing
• AI & Automation for Business Growth

👉 Ready to scale securely and smartly?
Contact us today and let's secure your success!