In this tutorial we are going to show you, with step-by-step instructions on how to install Let’s Encrypt with Apache on Ubuntu 16.04. Let’s Encrypt is an open SSL Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.
1. Requirements
In order to start with the installation procedure, you need to have Apache or Nginx installed on your server. If there is no web server installed on your virtual server, please follow this tutorial to install Apache.
Also, you need a registered domain name with its A record pointing to your server’s IP address. For the purposes of this tutorial, we will use ‘yourdomain.com’.
2. Install CertBot
Run the following commands:
sudo apt-get install software-properties-common python-software-properties sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
3. Install Let’s Encrypt SSL
Install Let’s Encrypt SSL certificate on your domain (do not forget to replace ‘yourdomain.com’ with your actual domain):
sudo certbot --apache -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: N Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for linuxhostsupport.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
4. Redirect HTTP traffic to HTTPS
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf ------------------------------------------------------------------------------- Congratulations! You have successfully enabled https://yourdomain.com
5. Renew the SSL certificate with a cron job
Create a cron job so the SSL certificate is renewed automatically. Run:
crontab -e
and add the following line:
0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
Save and close that file and restart cron service for the changes to take effect:
service cron restart
Open https://yourdomain.com in your favorite web browser, and check whether Let’s Encrypt SSL is installed properly:
That is it. Let’s Encrypt SSL certificate has been successfully installed on your website.
Of course you don’t have to Install Let’s Encrypt with Apache on Ubuntu 16.04, if you use one of our Linux Server Support services, in which case you can simply ask our expert Linux admins to install Let’s Encrypt SSL certificate on Ubuntu 16.04 for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post on How to Install Let’s Encrypt with Apache on Ubuntu 16, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
I have tried multiple other instructions that did not work, however, this worked perfectly!!! THANK YOU!
Thanks a lot as I have tried a lot other options but this steps mentioned is article worked perfect for me..!! Thanks a lot again.!
Hi there,
What if I want to enable Let’s encrypt for different ports: 8080 and 8081?
regards,
I follow every step and still i got this error. Checked DNS, IP, everything is alright
– The following errors were reported by the server:
Type: connection
Detail: Fetching
http:///.well-known/acme-challenge/NYDvWGX2wFdb4q2vsFC2Kyq-J1pViG5I9cC2NaKoqv0:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Please check your web server configuration.
DON-JOHNNY,
What ports are you using?
You have to use DNS challenge rather than http or https validation. I had the same problem and was able to resolve by using DNS challenge.
Renew certificate cronjob is not working
What is the error message you get?
Thanks a lot buddy, i used above step to configure SSL on Apache2 in Ubuntu 16.0.04 and it’s working.