dev-resources.site

Generate your Let's Encrypt Digital Certificates for all your domains using Apache

Published at
1/13/2025
Categories
devops
security
webdev
ssl
Author
rodit-org

As someone who's dealt with their fair share of digital certificate headaches, I'm sharing a comprehensive guide to setting up and managing SSL/TLS certificates with Apache. You may actually use a different web server, but Apache seems to be the easiest way to achieve this. Once you are done, you just have to copy the generated certificates to the right directories in your web server of choice.

Initial DNS Setup

First, ensure all your domains point to your server:

# Create A records for each domain
domain1.com -> server_ip
www.domain1.com -> server_ip
domain2.com -> server_ip
www.domain2.com -> server_ip
domain3.com -> server_ip
www.domain3.com -> server_ip

Directory Structure

Create an organized directory structure that scales with multiple domains:

# Create base directories
sudo mkdir -p /var/www/domains
# Create individual domain directories
for domain in domain1.com domain2.com domain3.com; do
    sudo mkdir -p "/var/www/domains/$domain/public_html"
    sudo mkdir -p "/var/www/domains/$domain/logs"
    # Hand only the web root to your user. Apache opens its log files as root,
    # so logs/ stays root-owned and is not writable by anyone else.
    sudo chown -R "$USER:$USER" "/var/www/domains/$domain/public_html"
    sudo chmod -R 755 "/var/www/domains/$domain/public_html"
done

Virtual Host Configuration

Create separate virtual host files for each domain:

# Create configuration files
for domain in domain1.com domain2.com domain3.com; do
    sudo touch /etc/apache2/sites-available/$domain.conf
done

Template for each domain's virtual host (example for domain1.com):

<VirtualHost *:80>
    # Placeholder contact address; replace with your own
    ServerAdmin admin@example.com
    ServerName domain1.com
    ServerAlias www.domain1.com
    DocumentRoot /var/www/domains/domain1.com/public_html
    ErrorLog /var/www/domains/domain1.com/logs/error.log
    CustomLog /var/www/domains/domain1.com/logs/access.log combined

    <Directory /var/www/domains/domain1.com/public_html>
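        # Indexes lists the contents of any directory that has no index file;
        # remove it unless you want directory listings
        Options Indexes FollowSymLinks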
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Batch Certificate Management

Here's how to efficiently manage certificates for multiple domains:

# Install Certbot
sudo apt install certbot python3-certbot-apache

# Create a domains list file
echo "domain1.com www.domain1.com" > domains.txt
echo "domain2.com www.domain2.com" >> domains.txt
echo "domain3.com www.domain3.com" >> domains.txt

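# Obtain one certificate per line of domains.txt (apex + www).
# certbot needs every name as its own -d argument, and it stores each
# certificate under /etc/letsencrypt/live/<first name on the line>/.
# The list is read on fd 3 so certbot's prompts keep the terminal on stdin.
while read -r line <&3; do
    sudo certbot --apache $(printf -- '-d %s ' $line)
done 3< domains.txt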
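
To confirm that issuance covered every name on a line of domains.txt, the following added example (not part of the original post) compares those names with a certificate's subjectAltName listing. The function names and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which names on a domains.txt line does a certificate not cover?

# Print every DNS entry of a subjectAltName listing, one per line, lower-cased.
san_names() {   # $1 = text printed by: openssl x509 -noout -ext subjectAltName
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
        | tr 'A-Z' 'a-z'
}

# Print the names from $1 (one line of domains.txt) that $2 does not cover.
# A name is covered by an exact entry or by a wildcard for its parent domain;
# "*.domain1.com" covers www.domain1.com but not domain1.com itself.
missing_sans() {
    sans=$(san_names "$2")
    printf '%s\n' "$1" | tr -s ' ' '\n' | tr 'A-Z' 'a-z' | while read -r host; do
        [ -n "$host" ] || continue
        printf '%s\n' "$sans" | grep -qFx -e "$host" -e "*.${host#*.}" \
            || printf '%s\n' "$host"
    done
}

# Constructed subjectAltName listings (not taken from real certificates).
SAN_FULL='X509v3 Subject Alternative Name:
    DNS:domain1.com, DNS:www.domain1.com'
SAN_APEX_ONLY='X509v3 Subject Alternative Name:
    DNS:domain2.com'
SAN_WILDCARD='X509v3 Subject Alternative Name:
    DNS:*.domain3.com'

missing_sans "domain1.com www.domain1.com" "$SAN_FULL"        # prints nothing
missing_sans "domain2.com www.domain2.com" "$SAN_APEX_ONLY"   # www.domain2.com
missing_sans "domain3.com www.domain3.com" "$SAN_WILDCARD"    # domain3.com
```

On the server, pass the output of `openssl x509 -noout -ext subjectAltName -in /etc/letsencrypt/live/domain1.com/cert.pem` as the second argument.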

Automated Renewal Management

Create a renewal management script:

#!/bin/bash
# /usr/local/bin/cert-renew-manager.sh

# Renew all certificates
certbot renew

# Check renewal status for each domain
for domain in domain1.com domain2.com domain3.com; do
    cert_path="/etc/letsencrypt/live/$domain/fullchain.pem"
    if [ -f "$cert_path" ]; then
        expiry_date=$(openssl x509 -enddate -noout -in "$cert_path" | cut -d= -f2)
        echo "Domain: $domain - Certificate expires: $expiry_date"
    else
        echo "Warning: No certificate found for $domain"
    fi
done

Batch Security Configuration

Apply security headers to all domains:

# The Header directive comes from mod_headers
sudo a2enmod headers

# Create a common security configuration
# Note: includeSubDomains commits every subdomain of each site to HTTPS
# for the full max-age (one year)
sudo tee /etc/apache2/conf-available/security-headers.conf << 'EOF'
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
EOF

# Enable for all sites, then validate and reload
sudo a2enconf security-headers
sudo apache2ctl configtest && sudo systemctl reload apache2

Monitoring and Maintenance

Create a monitoring script for multiple domains:

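#!/bin/bash
# /usr/local/bin/cert-monitor.sh

domains=("domain1.com" "domain2.com" "domain3.com")
# Placeholder address; replace with the mailbox that should receive alerts
notification_email="admin@example.com"

for domain in "${domains[@]}"; do
    # Read notAfter from the certificate the server actually presents
    expiry=$(openssl s_client -connect "${domain}:443" -servername "${domain}" </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
    if [ -z "$expiry" ]; then
        # Connection or parse failure: report it instead of computing a bogus date
        echo "Warning: could not read the certificate for $domain" | mail -s "Certificate Check Failed" "$notification_email"
        continue
    fi
    expiry_epoch=$(date -d "$expiry" +%s)
    current_epoch=$(date +%s)
    days_left=$(( (expiry_epoch - current_epoch) / 86400 ))

    if [ "$days_left" -lt 30 ]; then
        echo "Warning: Certificate for $domain expires in $days_left days" | mail -s "Certificate Expiry Warning" "$notification_email"
    fi
done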

Batch Testing

Create a comprehensive test script:

#!/bin/bash
# /usr/local/bin/cert-test.sh

# Test Apache configuration
sudo apache2ctl configtest

# Test SSL configuration for each domain
for domain in domain1.com domain2.com domain3.com; do
    echo "Testing SSL configuration for $domain"
    curl -sI https://$domain | head -n 1
    openssl s_client -connect ${domain}:443 -servername ${domain} </dev/null 2>/dev/null | openssl x509 -noout -dates
done
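
The test script above checks the status line and the certificate dates but not the headers from security-headers.conf. The following added example (not part of the original post) compares a response's headers with the four configured values; the function names and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare response headers with security-headers.conf.

# Print the value of header $1 (name matched case-insensitively) found in $2.
header_value() {
    printf '%s\n' "$2" | awk -v name="$1" '
        BEGIN { prefix = tolower(name) ":" }
        index(tolower($0), prefix) == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Read raw response headers on stdin, print one line per finding and
# return the number of findings (0 = all four headers as configured).
check_security_headers() {
    resp=$(tr -d '\r')          # HTTP header lines end in CRLF
    findings=0
    while IFS='|' read -r name want; do
        got=$(header_value "$name" "$resp")
        if [ -z "$got" ]; then
            echo "MISSING $name"; findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "DIFFERS $name: $got"; findings=$((findings + 1))
        fi
    done <<'EOF'
Strict-Transport-Security|max-age=31536000; includeSubDomains
X-Frame-Options|SAMEORIGIN
X-Content-Type-Options|nosniff
Referrer-Policy|strict-origin-when-cross-origin
EOF
    return "$findings"
}

# Constructed sample responses (not captured from a real server).
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\n'
    printf 'X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n'
    printf 'Referrer-Policy: strict-origin-when-cross-origin\r\n\r\n'
}
sample_bad() {   # HSTS absent, X-Frame-Options overridden by the application
    printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\n'
    printf 'Referrer-Policy: strict-origin-when-cross-origin\r\n\r\n'
}

sample_ok  | check_security_headers && echo "sample_ok: headers match"
sample_bad | check_security_headers || echo "sample_bad: $? finding(s)"
```

Against a live site, pipe in `curl -sI https://domain1.com`; use the HTTPS URL, because browsers ignore Strict-Transport-Security received over plain HTTP.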

Recovery Procedures

Create a backup script for all certificates:

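#!/bin/bash
# /usr/local/bin/cert-backup.sh
# Run as root: the backup contains every private key under /etc/letsencrypt

umask 077   # keep the copy and the archive readable by root only
backup_dir="/root/cert-backups/$(date +%Y%m%d)"
mkdir -p "$backup_dir"

# Backup all certificates and configurations
# -a preserves the live/ -> archive/ symlinks, ownership and modes
cp -a /etc/letsencrypt "$backup_dir/"
cp -a /etc/apache2/sites-available "$backup_dir/"

# Archive the backup; remove the unpacked copy only if tar succeeded
tar -czf "$backup_dir.tar.gz" "$backup_dir" && rm -rf "$backup_dir"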

Conclusion

Managing multiple domains requires more automation and organization, but with these scripts and structures in place, you can efficiently manage dozens of domains without increasing administrative overhead. Remember to:

  • Keep domain lists updated
  • Run regular batch tests
  • Maintain comprehensive backups
  • Monitor all domains systematically
  • Document any domain-specific configurations

This approach scales well whether you're managing a handful of domains or hundreds, while keeping your certificate management process clean and maintainable.
