Apache HTTP Server 2.4 with SSL on Ubuntu 24.04

## Apache HTTP Server 2.4 with SSL on Ubuntu 24.04 by cloudimg

Apache HTTP Server 2.4 with full Let's Encrypt SSL/TLS automation, on Ubuntu 24.04 LTS (Noble Numbat). Same hardened Apache base as the standard cloudimg apache-httpd image, with Certbot and the Apache plugin pre-installed and the systemd renewal timer enabled at build time. Customers go from launch to a real production-grade certificate by editing one config file and re-running the firstboot script.

Why Choose cloudimg?

* 24/7 Expert Support with guaranteed 24 hour response for all requests and one hour average for critical issues. Contact support@cloudimg.co.uk

* Production Ready from Launch Pre configured, security patched, and validated before publication

* Azure Native Integration Built with Azure Linux Agent, cloud init, and Gen2 Hyper V support

* 60 Second Cert Issuance Set DOMAIN and EMAIL in /stage/scripts/cloudimg-cert.conf, re-run apache-firstboot.sh, get a Let's Encrypt certificate installed and Apache reloaded

* Auto Renewal Out Of The Box certbot.timer is enabled at install time and runs twice daily; certs ≤30 days from expiry are renewed automatically with no operator intervention

What is Included

* Apache HTTP Server 2.4 from the official Ubuntu noble main repository

* Certbot + python3-certbot-apache plugin (the plugin auto-edits the apache vhost during cert issuance)

* certbot.timer enabled (twice daily renewal check)

* Modules enabled at build time: ssl, rewrite, headers, http2

* Event MPM (the modern Ubuntu 24.04 default)

* Default virtual hosts on TCP 80 and TCP 443 serving /var/www/html

* Self signed RSA 2048 bit TLS certificate generated per VM by apache-firstboot.service (used until customers swap to Certbot)

* Security hardening: ServerTokens Prod, ServerSignature Off, TraceEnable Off

* Helper conf at /etc/apache2/conf-available/zz-security-cloudimg.conf (zz- prefix loads after Ubuntu's stock security.conf so its values win)

* Customer cert config at /stage/scripts/cloudimg-cert.conf (DOMAIN + EMAIL placeholders)

* Ubuntu 24.04 LTS base with latest security patches applied at build time

* Azure Linux Agent for seamless cloud integration and SSH key injection

Bring Your Own Domain — 60 Second Setup

1. Point your domain DNS A record at the VM public IP

2. Edit /stage/scripts/cloudimg-cert.conf and uncomment + set DOMAIN= and EMAIL=

3. Run sudo /usr/local/sbin/apache-firstboot.sh

Certbot uses the HTTP-01 challenge over port 80 to prove ownership, requests the certificate from Let's Encrypt, installs it into the apache :443 vhost, reloads apache, and writes a renewal config under /etc/letsencrypt/renewal/. From here the certbot.timer takes over and renews silently in the background.

Use Cases

* TLS terminating reverse proxy in front of internal application servers

* Static site hosting with HTTPS, HSTS, and HTTP/2 acceleration

* Customer facing web apps that need a real cert without operator overhead

* Migration target for legacy on premises Apache + manual cert workflows

* Development and staging environments where developers want production grade TLS without long manual cert ceremonies

Technical Specifications

* Operating System: Ubuntu 24.04 LTS (Noble Numbat)

* Apache Version: 2.4.x (official Ubuntu noble main)

* Certbot Version: latest from Ubuntu noble main, with python3-certbot-apache plugin

* MPM: event

* Modules: ssl, rewrite, headers, http2

* Document Root: /var/www/html

* HTTP Port: 80 (also used by Certbot HTTP-01 challenge — must be open from internet for cert issuance and renewal)

* HTTPS Port: 443

* Default User: azureuser (sudo enabled)

* Service Management: systemd (apache2.service, apache-firstboot.service, certbot.timer)

* Recommended Size: Standard_B2s

* VM Generation: Hyper V Gen2 with UEFI boot

Support

cloudimg provides 24/7/365 expert technical support. Contact support@cloudimg.co.uk or visit www.cloudimg.co.uk for the latest documentation and deployment guides.