How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Debian 11 Bullseye

Apache, also known as Apache HTTP server, has been one of the most widely used web server applications globally for the past few decades. It is a free and open-source web application software maintained by the Apache Software Foundation. Apache provides some powerful features with dynamically loadable modules, easy integration with other software, and handling of static files, among other popular features.

In the following tutorial, you will learn how to Install Apache Web Server on Debian 11 Bullseye.



  • Recommended OS: Debian 11 Bullseye
  • User account: A user account with sudo privilages or root access (su command).

Updating Operating System

Update your Debian 11 Bullseye operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade

Root or Sudo Access

By default, when you create your account at startup with Debian compared to other distributions, it does not automatically receive sudoers status. You must either have access to the root password to use the su command or visit our tutorial on How to Add a User to Sudoers on Debian.

The tutorial will be using the sudo command and assuming you have sudo status. If you have not set up a sudo user, use the following command to log in to root to continue.


Method 1. Install Apache from Debian Repository

The first option to install Apache is to use the default Debian repository. This is more practical for most users as it is very stable and secure.

To install Apache, open your terminal and execute the following command:

sudo apt install apache2 -y

Next, verify the installation was successful by verifying Apache’s build version:

sudo apache2 --version

Example output:

Server version: Apache/2.4.51

Check to see if Apache2 is running correctly using the following systemctl command:

systemctl status apache2

Example output if everything is ok:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Debian 11 Bullseye

Method 2. Install Latest Apache from Ondřej Surý Repository

By default, Apache is available within Debian’s software repositories, making it easy to install. However, as many know with Debian, it can often be lacking behind what is current, not so much for security risks. Still, the newer features and improvements are missing.

It is recommended for users wanting the latest Apache to install Ondřej Surý’s version of Apache 2, which is the most up-to-date and pre-built with extra widely used modules.

First, if you do not have curl installed, use the following command:

sudo apt install curl -y

To add the Repository, use the following command in your terminal:

curl -sSL | sudo bash -x

Update your repository to reflect the new change:

sudo apt update

Now that you have installed the Apache repository and updated the repository list, install Apache2 with the following:

sudo apt install apache2 -y

The installation will install all dependencies needed.

Once installed, confirm the version running the following command:

apache2 -v

Example output:

Server version: Apache/2.4.51

Note that both repositories are on the same version at the time of the tutorial due to an URGENT CVE update. Normally, Ondřej Surý repository is ahead of the default Debian 11 at all times.

Check to see if Apache2 is running correctly using the following systemctl command:

systemctl status apache2

Example output if everything is ok:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Debian 11 Bullseye

Optional – Configure UFW Firewall for Apache

Debian users who have installed UFW will need to adjust the UFW rules to allow outside access to the default web ports. Luckily, during the installation, Apache registers itself with UFW to provide a few profiles that can be used to enable or disable access, making it easy and quick to configure.

By default, UFW is not installed. If you would like to install UFW execute the following command in your terminal:

sudo apt install ufw -y

Next, enable UFW. When you enable the firewall, it will deny all incoming and allow all outgoing by default.

sudo ufw enable

First, list the application profiles to see the Apache profiles that are available by the following command:

sudo ufw app list

Example output:

Available applications:
  Apache Full
  Apache Secure

From the output above, you have three profile options to choose from. To break it down, Apache runs on port 80 (HTTP), Apache Secure runs on port 443 (HTTPS), and Apache Full is a combination of allowing both. The most common is either Apache Full or Apache Secure.

For the tutorial, since we have not set up SSL, we will enable (Apache) profile with the following command:

sudo ufw allow 'Apache'

Example output:

Rule added
Rule added (v6)

As above, the rules have been added for both IPV4 and IPV6. Later on, you can disable this profile and enable secure only or disable the Apache rule and use the Apache Full rule instead.

Verify Apache Web Server

Now that you have installed and configured the UFW firewall, it is time to test out to see if Apache 2 is reachable and is working correctly by requesting a page.

You can access the default Apache landing page to check if the software runs correctly through your server’s IP address. To find this out, if you do not know, use the following command below:

hostname -I

You should get back the internal IP address the server is on as an example:


You may get 2 to 3 results back. Try each one until you find the correct IP address.

If you require your public IP address (external), use the following command instead:

curl -4

You may need to install the CURL package if it is missing. To do this, execute the following command:

sudo apt install curl -y

Once you have your servers IP address, open up your favorite Internet Browser and enter the following:


You should get the following page in your Internet Browser:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Debian 11 Bullseye

Congratulations, you have installed Apache 2 web server and are currently working.

The next step is to set up virtual hosts.

Create and or Configure Virtual Hosts for Apache

Using the Apache web server, you can create virtual hosts to manage configurations for more than one domain running on a single server. If you have used Nginx before, it is the equivalent of server blocks. In the example below, the tutorial will create a domain which you will replace with your domain name.

By default, Apache on Debian 11 has one server block enabled by default that is configured to serve documents from the /var/www/html directory. If you are operating one website, you can modify this server block to suit your own. However, if you are hosting multiple websites, you need to create a new directory structure for your various domains.

Create and or Configure Directories

Firstly, leave /var/www/html directory intact as the default directory, then create a new directory, for, as below:

sudo mkdir /var/www/example_domain

The next step is to assign ownership of the directory with the $USER environment variable:

sudo chown -R $USER:$USER /var/www/example_domain

Usually, the web roots permissions should be set correctly, and you can verify using the -ls l command:

ls -l /var/www/example_domain

Example output:

drwxr-xr-x 2 joshua joshua 4096 Oct 10 11:46 example_domain

As you can see, we have the permission of drwxr-xr-x, which is the equivalent of chmod 755. If you do not have this permission set, run the following command:

sudo chmod -R 755 /var/www/example_domain

Now create a sample page index.html using your favorite text editor. The tutorial will use nano as below:

sudo nano /var/www/example_domain/index.html

In the file, copy and paste the following code:

        <title>Welcome to Website!</title>
        <h1>Success! The virtual host is working! You did not mess it up.</h1>

Save the file (CTRL+O), then exit (CTRL+X).

Create Virtual Host

Now that you have created a landing page and set correct ownership and permissions. You can now proceed to create a virtual host file. By default, all virtual host files will need to be located at /etc/apache2/sites-available/ directory.

First, use your favorite text editor to create a configuration file located at /etc/apache2/sites-available/example_domain.conf as below:

sudo nano /etc/apache2/sites-available/example_domain.conf

Now, copy and paste the following into the configuration block file, note to replace your ServerName, ServerAlias, and Document root with your own:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example_domain
    ServerAlias www.example_domain
    DocumentRoot /var/www/example_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Note, remember do not forget to change the required Server directives to your own.

Save the configuration file using (CTRL+O) and exit with (CTRL+X).

Enable Virtual Host

Now that you have your virtual host configuration file ready, it is time to enable it. With Apache, unlike Nginx, where you would create a symlink using the ln -s command, Apache uses its tools, as the tutorial will show below:

First, disable the existing default installed server block file 000-default.conf with the a2dissite command:

sudo a2dissite 000-default.conf

Now enable your virtual host file with the a2ensite command:

sudo a2ensite example_domain.conf

Now, like most web server applications, Apache has a dry run function. Before making it live, test your configuration file using the following command:

sudo apache2ctl configtest

If everything is working correctly, example output should be:

Syntax OK

Now restart the Apache webserver to make your new virtual host live with the following command:

sudo systemctl restart apache2

Apache should currently be serving the landing page you created for your new domain. To test this, open your Internet Browser and type in your domain name HTTP://example_domain where you should get the following landing page you created in the index.html file:

How to Install & Configure Apache with Let’s Encrypt TLS/SSL on Debian 11 Bullseye

Congratulations, you have successfully created your virtual host and made it work successfully on your domain.

Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Apache on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the certbot package as follows:

sudo apt install python3-certbot-apache -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email -d

This is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be instead of HTTP://

Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.

Managing Apache Service

Now that you have Apache running on your server successfully, some management keynotes are as follows.

Apache Server Logs

Apache server logs can be found in the directory /var/log/apache2/ with access.log and error.log respectfully being the default access and error names given. This can be changed to other names in your virtual host configuration file in the future.

Apache Commands

The following commands that you will undoubtedly use in your day-to-day management when working with Apache. Some of the most common are:

To stop Apache webserver:

sudo systemctl stop apache2

To start Apache webserver:

sudo systemctl start apache2

To restart Apache webserver:

sudo systemctl restart apache2

To reload Apache webserver (For more minor changes not requiring a restart):

sudo systemctl reload apache2

To disable Apache on server boot:

sudo systemctl disable apache2

To start Apache on server boot (Automatically enabled on installation):

sudo systemctl enable apache2

How to Update Apache

To update Apache in the future, this is done with the command you used to check if your system is up to date. Note, always create backups or images if you have an Apache service running critical services. Usually, it’s pretty safe to upgrade, but sometimes bugs can occur like any software upgrade.

To update Apache, use the following command:

sudo apt update

If an Apache upgrade is available, use the command:

sudo apt upgrade

How to Remove (Uninstall) Apache

To remove Apache if you no longer use it, this can be done using the following command:

sudo apt autoremove apache2 --purge

This command will also remove any unused dependencies that came with the installation.

Comments and Conclusion

In the tutorial, you have learned how to install Apache 2 either using the Debian default repository or the recommended updated Apache 2 using the repository by Ondřej Surý. Overall, Apache has been the most used web application server in the World for decades. However, Nginx has finally overtaken the lead just slightly. Apache is still one of the most deployed and recognized web applications, especially with combing LAMP stack, which is often used for back-end web servers. You will find more friendly options for Apache than Nginx, leading newer users to get into hosting their web server, perhaps to try Apache over Nginx as the first step.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x