Install LAMP Server with Let’s Encrypt Free SSL on Ubuntu 18.04

LAMP is a free and open-source web development platform used to host dynamic and high-performance websites. It consists of four open-source components: Linux, Apache, MySQL/MariaDB, and PHP. LAMP uses Linux as the operating system, Apache for webserver, MySQL/MariaDB as a database and PHP as the scripting language.

In this tutorial, we will explain how to install LAMP and secure it with Let’s Encrypt free SSL on Ubuntu 18.04.

Step 1 – Installing Apache Web Server

First, install Apache webserver with the following command:

apt-get install apache2 -y

Once the installation has been completed, start the Apache service and enable it to start after system reboot with the following command:

systemctl start apache2
systemctl enable apache2

Next, verify the Apache webserver with the following command:

systemctl status apache2

Apache web server is now running and listening on port 80. Open your web browser and type the URL http://your-server-ip. You should see the Apache default page in the following screen:

That means the Apache webserver is working as expected.

Step 2 – Installing MariaDB Database Server

MariaDB is the most popular fork of the MySQL relational database management system. You can install it by running the following command:

apt-get install mariadb-server mariadb-client -y

Once installed, start the MariaDB service and enable it to start after system reboot with the following command:

systemctl start mariadb
systemctl enable mariadb

By default, MariaDB is not secured, so you will need to secure it first. You can secure it by running the mysql_secure_installation script:

mysql_secure_installation

This script will set the root password, remove anonymous users, disallow root login remotely, and remove test database and access to it, as shown below:

Enter current password for root (enter for none): Press the Enter key
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

Step 3 – Installing PHP

By default, PHP is available in the Ubuntu 18.04 default repository. You can install PHP and other libraries with the following command:

apt-get install php php-cli php-mysql php-curl php-zip libapache2-mod-php -y

Once all the packages are installed, open your php.ini file and tweak some required settings:

nano /etc/php/7.2/apache2/php.ini

Change the following lines. The below values are great settings for a LAMP environment:

memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

Save and close the file. Then, restart the Apache webserver to apply the configuration.

systemctl restart apache2

Next, create a info.php in your Apache document root directory to test PHP with Apache:

nano /var/www/html/info.php

Add the following line:

<?php phpinfo( ); ?>

Save and close the file. Then, open your web browser and visit the URL http://your-server-ip/info.php. You should see the default PHP test page depicted in the following screen.

After testing, it is recommended to remove the info.php file for security reasons.

rm -rf /var/www/html/info.php

Step 4 – Creating a Virtual Host

First, create an index.html file for your domain example.com.

mkdir /var/www/html/example.com
nano /var/www/html/example.com/index.html

Add the following lines:

<html>
<title>example.com</title>
<h1>Welcome to example.com Website</h1>
<p>This is my LAMP server</p>
</html>

Save and close the file. Then, change the ownership of the example.com directory and give necessary permissions:

chown -R www-data:www-data /var/www/html/example.com
chmod -R 755 /var/www/html/example.com

Next, you will need to create an Apache virtual host configuration file for your domain, example.com.

nano /etc/apache2/sites-available/example.com.conf

Add the following lines:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example.com
    DocumentRoot /var/www/html/example.com
    DirectoryIndex index.html
    ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
</VirtualHost>

Save and close the file when you are finished.

Here’s a brief explanation of each parameter in the above file:

• ServerAdmin: Specify an email address of server admin.
• ServerName: Domain name that is associated with your server IP address.
• DocumentRoot: Specify the location of the content for the website.
• DirectoryIndex: Specify a default page to display when a directory is accessed.
• ErrorLog: Location of the error log file.
• CustomLog: Location of the access log file.

Next, enable the virtual host and restart the Apache web service to apply the configuration:

a2ensite example.com
systemctl restart apache2

To test your website, open your web browser and type the URL http://example.com. You will be redirected to the following page:

Step 5 – Securing Your Website with Let’s Encrypt

At this point your website is working well, but it’s not secured. You will need to secure it with Let’s Encrypt free SSL.

First, you will need to install a Certbot client on your server. Certbot is an easy to use client that can be used to download a certificate from Let’s Encrypt and configure Apache webserver to use this certificate.

By default, the latest version of Certbot is not available in the Ubuntu 18.04 default repository. You will need to add the Certbot repository to APT.

apt-get install software-properties-common apt-transport-https ca-certificates -y
add-apt-repository ppa:certbot/certbot

Once the repository is added, update the repository and install Certbot with the following command:

apt-get update -y
apt-get install certbot python-certbot-apache -y

Next, run the following command to install Let’s Encrypt free SSL for website example.com:

certbot --apache -d example.com

You will be prompted to provide your email and agree to the terms of service, as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/example.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/example.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/example.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Next, select option 2 and hit enter to download the Let’s Encrypt certificate and configure the Apache webserver to use this certificate. Once the installation process has been completed, you should see the following output:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/example.com.conf to ssl vhost in /etc/apache2/sites-available/example.com-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-10-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now, open your web browser and access your website securely with the URL https://example.com.

Conclusion

In the above tutorial, we learned how to install LAMP server on Ubuntu 18.04 VPS. We also learned how to secure a LAMP server with Let’s Encrypt free SSL. You can now easily install a LAMP server and secure it with Let’s Encrypt free SSL on Ubuntu 18.04 using our VPS Hosting services.