How to Install SuiteCRM with Apache and free Let's Encrypt SSL on Debian 11

SuiteCTM is an open-source Customer Relationship Management solution written in PHP. It is a fully-featured and highly-extensible CRM application that runs on any operating system. It became popular when SugarCRM decided to stop the development of its community edition. It is used for creating business strategies, actions, and decisions. It is an alternate CRM solution for other commercial CRM such as SugarCRM, Salesforce, and Microsoft.

In this post, we will show you how to install SuiteCRM with Apache and Let's Encrypt SSL on Debian 11.


  • A server running Debian 11.
  • A valid domain name pointed with your server IP.
  • A root password is configured on the server.

Install Apache, MariaDB, and PHP

SuiteCRM is a PHP-based application and uses MariaDB as a database backend. So you will need to install the Apache server, MariaDB database server, PHP, and other necessary PHP extensions to your server. You can install all of them using the following command:

apt-get install apache2 mariadb-server mariadb-client php php-common php-zip php-mysql php-gd php-curl php-imap php-mbstring php-xml php-json libapache2-mod-php unzip libpcre3 -y

Once all the packages are installed, edit the php.ini file and change some default settings:

nano /etc/php/7.4/apache2/php.ini

Change the following settings:

memory_limit = 256M
post_max_size = 64M
upload_max_filesize = 64M

Save and close the file then restart the Apache service to apply the changes:

systemctl restart apache2

Create a MariaDB Database for SuiteCRM

First, you will need to secure the MariaDB installation and set a root password. You can do it by executing the following script:


Answer all the questions as shown below:

Enter current password for root: Press 
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Once you are finished, log in to the MariaDB shell with the following command:

mysql -u root -p

Once you are connected to the MariaDB, create a database and user for SuiteCRM using the following command:

MariadDB [(none)]> CREATE DATABASE suitecrm;
MariaDB [(none)]> CREATE USER 'suitecrm'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the SuiteCRM database with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON suitecrm.* TO 'suitecrm'@'localhost';

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> EXIT;

After creating the MariaDB database and user, you can proceed to the next step.

Install SuiteCRM

First, download the latest version of SuiteCRM using the wget command:


Next, unzip the downloaded file with the following command:


Next, move the extracted directory to the Apache default root directory:

mv SuiteCRM-7.12.1 /var/www/html/suitecrm

Next, change the ownership and permission of the SuiteCRM directory:

chown -R www-data:www-data /var/www/html/suitecrm
chmod -R 755 /var/www/html/suitecrm

Once you are finished, you can proceed to the next step.

Configure Apache for SuiteCRM

Next, you will need to configure Apache to host SuiteCRM on the internet. To do so, create an Apache virtual host configuration file with the following command:

nano /etc/apache2/sites-available/suitecrm.conf

Add the following lines:

<VirtualHost *:80>

 DocumentRoot /var/www/html/suitecrm

 <Directory /var/www/html/suitecrm>
    Options FollowSymLinks
    AllowOverride All

 ErrorLog /var/log/apache2/suitecrm-error.log
 CustomLog /var/log/apache2/suitecrm-access.log common


Save and close the file then activate the SuiteCRM virtual host configuration file with the following command:

a2ensite suitecrm.conf

Next, reload the Apache service to apply the configuration changes:

systemctl reload apache2

To check the status of the Apache service, run the following command:

systemctl status apache2

You will get the following output:

? apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-11-19 16:36:48 UTC; 4s ago
    Process: 16290 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 16296 (apache2)
      Tasks: 6 (limit: 4679)
     Memory: 15.5M
        CPU: 99ms
     CGroup: /system.slice/apache2.service
             ??16296 /usr/sbin/apache2 -k start
             ??16297 /usr/sbin/apache2 -k start
             ??16298 /usr/sbin/apache2 -k start
             ??16299 /usr/sbin/apache2 -k start
             ??16300 /usr/sbin/apache2 -k start
             ??16301 /usr/sbin/apache2 -k start

Nov 19 16:36:48 debian11 systemd[1]: Starting The Apache HTTP Server...

After configuring the Apache web server, you can proceed to access the SuiteCRM web interface.

Access SuiteCRM Web Interface

Now, open your web browser and type the URL to access the SuiteCRM web UI. You should see the following screen:


Accept the license agreement and click on the Next button. You should see the following page:

System check

Make sure all checks return OK, then click on the Next button to continue. You should see the SuiteCRM configuration page:

Database and site configuration

Demo data

SMTP settings

System locale

Provide your Database information, Admin user details, SMTP server specification, Branding details, Site security settings, and click on the Next button. You should see the following page:

SuiteCRM config file

Click on the Next button. You should see the SuiteCRM login page:

SuiteCRM Login

Provide your admin username, password and click on the LOG IN button. You should see the SuiteCRM dashboard on the following screen:


Secure SuiteCRM with Let's Encrypt SSL

After configuring Apache, it is recommended to secure your website with the Let's Encrypt SSL certificate. To do so, you will need to install the Certbot client in your system. The Certbot is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Using the Certbot Let's Encrypt client you can easily download, install and renew the SSL certificate for your domain.

You can install the Certbot with the following command:

apt-get install certbot python3-certbot-apache -y

Once the Certbot client has been installed successfully, run the following command to install the Let's Encrypt SSL for your website:

certbot --apache -d

You will be asked to provide your valid email and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at You must
agree in order to register with the ACME server at
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/suitecrm-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/suitecrm-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/suitecrm-le-ssl.conf

Next, select whether or not to redirect HTTP traffic to HTTPS or configure Nginx to redirect all traffic to secure HTTPS access as shown in the following output:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to start the process. Once the installation is completed, you should get the following output:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/suitecrm.conf to ssl vhost in /etc/apache2/sites-available/suitecrm-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled

You should test your configuration at:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2022-02-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          


Congratulations! you have successfully installed SuiteCRM with Apache and Let's Encrypt SSL on Debian 11. You can now explore the SuiteCRM for more features. Feel free to ask me if you have any questions.

Share this page:

1 Comment(s)

Add comment

Please register in our forum first to comment.


By: Javier

Dear Hitesh,

I am trying to install SuiteCRM 7.12.6 from the official site. My server has Plesk Obsidian v18.0.45 running over Ubuntu 20.04.4 LTS, with Apache version 2.4.41 and PHP version 8.0.21.

I am following the instructions provided on the official site. I uploaded the installation files to a folder within the file system for one of the Plesk subscriptions. After doing so, the install.php file loaded up in the browser, but the installation didn’t work, as expected. I then executed the sudo commands using the SHH terminal and, after that, the install.php file will load just a blank page.

I then go to the log and I can see a 500 error reading the following:

|2022-07-27 03:41:21|Error|XX-XXX-XX-XX||AH01071: Got error ‘PHP message: PHP Fatal error: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in ~/suitecrm/install/install_utils.php:723\nStack trace:\n#0 ~/suitecrm/install/install_utils.php(723): fwrite()\n#1 ~/suitecrm/install/install_utils.php(64): installLog()\n#2 ~/suitecrm/install.php(826): installerHook()\n#3 {main}\n thrown in ~/install/install_utils.php on line 723’|

So I did the following as suggested on different forums:

Check ownership and permissions to ensure my web server has access to write to ‘install.log’:

I am completely new to Linux, but I checked the permissions for this file as shown in the file manager in Plesk and with the ‘ls -l’ command (since the ‘ll’ command does not work), and these are ‘rwx r-x r-x’ and the owner is user ‘www-data’ in the group ‘www-data’, which is 755, and this is what we would expect after using the previous sudo command for all the files in the folder, right? So, considering this, can we be sure that the web server can write into the file?

Install Composer.

When I install it following the instructions, I get:

Installing dependencies from lock file Verifying lock file contents can be installed on current platform. Nothing to install, update or remove

In JsonFile.php line 181:

file_put_contents ~/suitecrm/vendor/composer/installed.json: Failed to open stream: Permission denied

So, not really sure if Composer was already installed as it says ‘Nothing to install’ or it could not be installed because of that ‘Permission denied’ (that ‘installed.json’ file also has permissions 755 and the owner is www-data.

I would really appreciate your help, could you give me a hand, please?

Have a good one,