Install Let's Encrypt SSL Certificates using Certbot

Install Let’s Encrypt SSL Certificates using Certbot

In this tutorial we are going to show you, how to install Let’s Encrypt SSL Certificates using Certbot. Let’s Encrypt is an open source, completely free and automated Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.

Let’s Encrypt has an automated installer called Certbot. With Certbot you can very easily add a certificate to your site in just a couple of minutes. Certbot can be used on both Nginx and Apache server and it is supported on various Linux distributions such us Ubuntu, Debian or CentOS. For the purposes of this tutorial, we will show you how to install Let’s Encrypt SSL certificate on Ubuntu 16.04 with Apache web server.

1. Install Certbot

To install Certbot, simply run the following commands:

apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache

2. Install Let’s Encrypt SSL Certificate

To install a Let’s Encrypt SSL certificate on your domain, execute the following command (make sure you replace ‘yourdomain.com’ with your actual domain name):

certbot --apache -d yourdomain.com

You will then be asked for an email address and to read and accept the Terms of Services. This is how the output should look like during the installation:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for yourdomian.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

3. Redirect HTTP to HTTPS

Additionally, you can also make a choice if you would like to redirect all the HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://yourdomain.com

4. Automatic renewal

You can also create a cron job in order to set up an automatic SSL renewal. To do this first run:

crontab -e

and then add the following:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save the file and close it. Restart the cron service so the changes can take effect:

service cron restart

That’s it. You can now open https://yourdomain.com in your browser and verify whether the Let’s Encrypt SSL certificate has been installed properly.

 

Of course, you don’t have to install Let’s Encrypt SSL Certificate using Certbot if you use one of our Linux Server Support Services in which case you can simply ask our expert Linux admins to install Let’s Encrypt using Certbot for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to install Let’s Encrypt SSL Certificate using Certbot, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.

2 thoughts on “Install Let’s Encrypt SSL Certificates using Certbot

  1. I ran this command: certbot –apache -d linuxbuz.com

    I am getting the following error:

    IMPORTANT NOTES:

    The following errors were reported by the server:

    Domain: linuxbuz.com
    Type: connection
    Detail: Fetching
    https://linuxbuz.com/.well-known/acme-challenge/ewpBCX7N0nzDyBZZILYP-y9sKHI4seFGac4Se7TpwfA:
    Connection refused

    1. Connection refused means that something blocks the communication on port 443 (HTTPS). You need to be sure that Apache is listening on port 443 and the firewall allows 443 TCP traffic.

Leave a Reply

Your email address will not be published. Required fields are marked *