Apache HTTP Server 2.4 with SSL Ubuntu 24.04

Apache HTTP Server 2.4 with SSL on Ubuntu 24.04 by cloudimg

Apache HTTP Server 2.4 with full Let's Encrypt SSL/TLS automation, on Ubuntu 24.04 LTS (Noble Numbat). Same hardened Apache base as the standard cloudimg apache-httpd image, with Certbot and the Apache plugin pre-installed and the systemd renewal timer enabled at build time. Customers go from launch to a real production-grade certificate by editing one config file and re-running the firstboot script.

Why Choose cloudimg?

• 24/7 Expert Support with guaranteed 24 hour response for all requests and one hour average for critical issues. Contact support@cloudimg.co.uk
• Production Ready from Launch Pre configured, security patched, and validated before publication
• Azure Native Integration Built with Azure Linux Agent, cloud init, and Gen2 Hyper V support
• 60 Second Cert Issuance Set DOMAIN and EMAIL in /stage/scripts/cloudimg-cert.conf, re-run apache-firstboot.sh, get a Let's Encrypt certificate installed and Apache reloaded
• Auto Renewal Out Of The Box certbot.timer is enabled at install time and runs twice daily; certs ≤30 days from expiry are renewed automatically with no operator intervention

What is Included

• Apache HTTP Server 2.4 from the official Ubuntu noble main repository
• Certbot + python3-certbot-apache plugin (the plugin auto-edits the apache vhost during cert issuance)
• certbot.timer enabled (twice daily renewal check)
• Modules enabled at build time: ssl, rewrite, headers, http2
• Event MPM (the modern Ubuntu 24.04 default)
• Default virtual hosts on TCP 80 and TCP 443 serving /var/www/html
• Self signed RSA 2048 bit TLS certificate generated per VM by apache-firstboot.service (used until customers swap to Certbot)
• Security hardening: ServerTokens Prod, ServerSignature Off, TraceEnable Off
• Helper conf at /etc/apache2/conf-available/zz-security-cloudimg.conf (zz- prefix loads after Ubuntu's stock security.conf so its values win)
• Customer cert config at /stage/scripts/cloudimg-cert.conf (DOMAIN + EMAIL placeholders)
• Ubuntu 24.04 LTS base with latest security patches applied at build time
• Azure Linux Agent for seamless cloud integration and SSH key injection

Bring Your Own Domain — 60 Second Setup

1. Point your domain DNS A record at the VM public IP

2. Edit /stage/scripts/cloudimg-cert.conf and uncomment + set DOMAIN= and EMAIL=

3. Run sudo /usr/local/sbin/apache-firstboot.sh

Certbot uses the HTTP-01 challenge over port 80 to prove ownership, requests the certificate from Let's Encrypt, installs it into the apache :443 vhost, reloads apache, and writes a renewal config under /etc/letsencrypt/renewal/. From here the certbot.timer takes over and renews silently in the background.

Use Cases

• TLS terminating reverse proxy in front of internal application servers
• Static site hosting with HTTPS, HSTS, and HTTP/2 acceleration
• Customer facing web apps that need a real cert without operator overhead
• Migration target for legacy on premises Apache + manual cert workflows
• Development and staging environments where developers want production grade TLS without long manual cert ceremonies

Technical Specifications

• Operating System: Ubuntu 24.04 LTS (Noble Numbat)
• Apache Version: 2.4.x (official Ubuntu noble main)
• Certbot Version: latest from Ubuntu noble main, with python3-certbot-apache plugin
• MPM: event
• Modules: ssl, rewrite, headers, http2
• Document Root: /var/www/html
• HTTP Port: 80 (also used by Certbot HTTP-01 challenge — must be open from internet for cert issuance and renewal)
• HTTPS Port: 443
• Default User: azureuser (sudo enabled)
• Service Management: systemd (apache2.service, apache-firstboot.service, certbot.timer)
• Recommended Size: Standard_B2s
• VM Generation: Hyper V Gen2 with UEFI boot

Support

cloudimg provides 24/7/365 expert technical support. Contact support@cloudimg.co.uk or visit www.cloudimg.co.uk for the latest documentation and deployment guides.