Install Certbot SSL Certificates

First, let’s make sure our package manager is up to date.

#apt update -y && apt upgrade -y
#apt install snapd
#snap install core
#snap refresh core

Now, we can install certbot.

#snap install --classic certbot

Prepare the certbot command, so it can be ran from the command line.

#ln -s /snap/bin/certbot /usr/bin/certbot

Finally run de certbot to start and follow the instructions on screen.

#certbot --apache
#certbot --apache
root@servero:/etc/fail2ban/action.d# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): domainname.com
Requesting a certificate for domainname.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domainname.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/domainname.com/privkey.pem
This certificate expires on 2023-08-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for domainname.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://domainname.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@servero:/etc/fail2ban/action.d#

Check if Certbot SSL Certificates config already added to apache conf

#ls -la /etc/apache2/sites-available/
total 24
drwxr-xr-x 2 root root 4096 May 27 07:29 .
drwxr-xr-x 8 root root 4096 May 27 07:29 ..
-rw-r--r-- 1 root root 1467 May 27 07:29 000-default.conf
-rw-r--r-- 1 root root 1547 May 27 07:29 000-default-le-ssl.conf
-rw-r--r-- 1 root root 6338 Apr 21 22:01 default-ssl.conf

Check by open the 000-default-le-ssl.conf

#vim 000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName domainname.com
SSLCertificateFile /etc/letsencrypt/live/domainname.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domainname.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

source: https://msmtech.ca/blog/guides/how-to-install-an-ssl-certificate-with-certbot-on-ubuntu-and-apache/

Remove certbot using snap

If you have installed certbot using snap, this will work perfectly to remove

#sudo snap remove certbot