This will install Apache2 and PHP 7.x along with LetsEncrypt to enable SSL protected site on Ubuntu 18.04 or later and perform basic configurations needed to get it up and running.

Always start by updating your server, followed by installing apache and openssl, finally enable SSL for apache:

sudo apt update
sudo apt upgrade
sudo apt install apache2 openssl
sudo a2enmod ssl

Now create a home directory for the domain you want to use with this server and create its configuration file:

sudo mkdir -p /var/www/domain.com/public_html
sudo chown -hR www-data:www-data /var/www/
sudo nano /etc/apache2/sites-available/domain.com.conf

And add to the config file:

<VirtualHost *:80>
    ServerName www.domain.com
    ServerAlias domain.com
    DocumentRoot /var/www/domain.com/public_html
    ErrorLog /var/www/domain.com/error.log
    CustomLog /var/www/domain.com/requests.log combined
</VirtualHost>

Save and exit using Ctrl+x followed by Y and then press Enter

Now enable it in apache and restart apache.

sudo ln -s /etc/apache2/sites-available/domain.com.conf /etc/apache2/sites-enabled/domain.com.conf

sudo apache2ctl configtest
sudo apache2ctl restart

Time to install certbot for getting a SSL certificate from LetsEncrypt. Once done, edit the apache config file for the domain.

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache

sudo certbot --apache -d domain.com -d www.domain.com

sudo nano /etc/apache2/sites-available/domain.com.conf

Append the SSL configurations to it:

<VirtualHost *:443>
    ServerName www.domain.com
    ServerAlias domain.com
    DocumentRoot /var/www/domain.com/public_html
    ErrorLog /var/www/domain.com/error.log
    CustomLog /var/www/domain.com/requests.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>

Save and exit using Ctrl+x followed by Y and then press Enter

Finally restart apache and test your SSL enabled domain

sudo apache2ctl configtest
sudo apache2ctl restart

Try a dry-run of the certificate renewal to confirm nothing has gone wrong:

sudo certbot renew --dry-run

If everything is ok, add it to cron:

sudo crontab -e

Append to make it run the renewal every 5 days:

0 0 */5 * * certbot renew

Finally Install PHP 7.x, after it is installed, add it to apache.

sudo apt install php php-fpm php-cli php-common php-dev php-gd php-imap php-mbstring php-mysql php-pear php-snmp php-xml php-xmlrpc php-mcrypt

sudo apt install libapache2-mod-php7.0
sudo apache2ctl restart

Create a PHP test script to test your new configuration:

sudo echo '<?php phpinfo(); ?>' >> /var/www/domain.com/public_html/info.php
sudo chown -hR www-data:www-data /var/www/

You may want to edit your php.ini file

sudo nano /etc/php/7.x/cgi/php.ini

To add the following at the bottom of it:

short_open_tag = On
display_errors = on
error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
error_log = error_log
output_buffering = Off
date.timezone = "Asia/Singapore"
upload_max_filesize = 50M
post_max_size = 50M

Save and exit using Ctrl+x followed by Y and then press Enter

And restart apache to load the changes to php.ini

sudo apache2ctl restart