How to Install SuiteCRM with Apache and free Let's Encrypt SSL on Debian 11

SuiteCTM is an open-source Customer Relationship Management solution written in PHP. It is a fully-featured and highly-extensible CRM application that runs on any operating system. It became popular when SugarCRM decided to stop the development of its community edition. It is used for creating business strategies, actions, and decisions. It is an alternate CRM solution for other commercial CRM such as SugarCRM, Salesforce, and Microsoft.

In this post, we will show you how to install SuiteCRM with Apache and Let's Encrypt SSL on Debian 11.

Prerequisites

• A server running Debian 11.
• A valid domain name pointed with your server IP.
• A root password is configured on the server.

Install Apache, MariaDB, and PHP

SuiteCRM is a PHP-based application and uses MariaDB as a database backend. So you will need to install the Apache server, MariaDB database server, PHP, and other necessary PHP extensions to your server. You can install all of them using the following command:

apt-get install apache2 mariadb-server mariadb-client php php-common php-zip php-mysql php-gd php-curl php-imap php-mbstring php-xml php-json libapache2-mod-php unzip libpcre3 -y

Once all the packages are installed, edit the php.ini file and change some default settings:

nano /etc/php/7.4/apache2/php.ini

Change the following settings:

memory_limit = 256M
post_max_size = 64M
upload_max_filesize = 64M

Save and close the file then restart the Apache service to apply the changes:

systemctl restart apache2

Create a MariaDB Database for SuiteCRM

First, you will need to secure the MariaDB installation and set a root password. You can do it by executing the following script:

mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root: Press 
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Once you are finished, log in to the MariaDB shell with the following command:

mysql -u root -p

Once you are connected to the MariaDB, create a database and user for SuiteCRM using the following command:

MariadDB [(none)]> CREATE DATABASE suitecrm;
MariaDB [(none)]> CREATE USER 'suitecrm'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the SuiteCRM database with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON suitecrm.* TO 'suitecrm'@'localhost';

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

After creating the MariaDB database and user, you can proceed to the next step.

Install SuiteCRM

First, download the latest version of SuiteCRM using the wget command:

wget https://suitecrm.com/files/147/SuiteCRM-7.12/578/SuiteCRM-7.12.1.zip

Next, unzip the downloaded file with the following command:

unzip SuiteCRM-7.12.1.zip

Next, move the extracted directory to the Apache default root directory:

mv SuiteCRM-7.12.1 /var/www/html/suitecrm

Next, change the ownership and permission of the SuiteCRM directory:

chown -R www-data:www-data /var/www/html/suitecrm
chmod -R 755 /var/www/html/suitecrm

Once you are finished, you can proceed to the next step.

Configure Apache for SuiteCRM

Next, you will need to configure Apache to host SuiteCRM on the internet. To do so, create an Apache virtual host configuration file with the following command:

nano /etc/apache2/sites-available/suitecrm.conf

Add the following lines:

<VirtualHost *:80>

 DocumentRoot /var/www/html/suitecrm
 ServerName suitecrm.example.com

 <Directory /var/www/html/suitecrm>
    Options FollowSymLinks
    AllowOverride All
 </Directory>

 ErrorLog /var/log/apache2/suitecrm-error.log
 CustomLog /var/log/apache2/suitecrm-access.log common

</VirtualHost>

Save and close the file then activate the SuiteCRM virtual host configuration file with the following command:

a2ensite suitecrm.conf

Next, reload the Apache service to apply the configuration changes:

systemctl reload apache2

To check the status of the Apache service, run the following command:

systemctl status apache2

You will get the following output:

? apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-11-19 16:36:48 UTC; 4s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 16290 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 16296 (apache2)
      Tasks: 6 (limit: 4679)
     Memory: 15.5M
        CPU: 99ms
     CGroup: /system.slice/apache2.service
             ??16296 /usr/sbin/apache2 -k start
             ??16297 /usr/sbin/apache2 -k start
             ??16298 /usr/sbin/apache2 -k start
             ??16299 /usr/sbin/apache2 -k start
             ??16300 /usr/sbin/apache2 -k start
             ??16301 /usr/sbin/apache2 -k start

Nov 19 16:36:48 debian11 systemd[1]: Starting The Apache HTTP Server...

After configuring the Apache web server, you can proceed to access the SuiteCRM web interface.

Access SuiteCRM Web Interface

Now, open your web browser and type the URL http://suitecrm.example.com to access the SuiteCRM web UI. You should see the following screen:

Accept the license agreement and click on the Next button. You should see the following page:

Make sure all checks return OK, then click on the Next button to continue. You should see the SuiteCRM configuration page:

Provide your Database information, Admin user details, SMTP server specification, Branding details, Site security settings, and click on the Next button. You should see the following page:

Click on the Next button. You should see the SuiteCRM login page:

Provide your admin username, password and click on the LOG IN button. You should see the SuiteCRM dashboard on the following screen:

Secure SuiteCRM with Let's Encrypt SSL

After configuring Apache, it is recommended to secure your website with the Let's Encrypt SSL certificate. To do so, you will need to install the Certbot client in your system. The Certbot is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Using the Certbot Let's Encrypt client you can easily download, install and renew the SSL certificate for your domain.

You can install the Certbot with the following command:

apt-get install certbot python3-certbot-apache -y

Once the Certbot client has been installed successfully, run the following command to install the Let's Encrypt SSL for your website:

certbot --apache -d suitecrm.example.com

You will be asked to provide your valid email and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for suitecrm.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/suitecrm-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/suitecrm-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/suitecrm-le-ssl.conf

Next, select whether or not to redirect HTTP traffic to HTTPS or configure Nginx to redirect all traffic to secure HTTPS access as shown in the following output:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to start the process. Once the installation is completed, you should get the following output:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/suitecrm.conf to ssl vhost in /etc/apache2/sites-available/suitecrm-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://suitecrm.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=suitecrm.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/suitecrm.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/suitecrm.example.com/privkey.pem
   Your cert will expire on 2022-02-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Conclusion

Congratulations! you have successfully installed SuiteCRM with Apache and Let's Encrypt SSL on Debian 11. You can now explore the SuiteCRM for more features. Feel free to ask me if you have any questions.

About Hitesh Jethva

Over 8 years of experience as a Linux system administrator. My skills include a depth knowledge of Redhat/Centos, Ubuntu Nginx and Apache, Mysql, Subversion, Linux, Ubuntu, web hosting, web server, Squid proxy, NFS, FTP, DNS, Samba, LDAP, OpenVPN, Haproxy, Amazon web services, WHMCS, OpenStack Cloud, Postfix Mail Server, Security etc.