In this tutorial we are going to show you, how to install Let’s Encrypt SSL Certificates using Certbot. Let’s Encrypt is an open source, completely free and automated Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.
Let’s Encrypt has an automated installer called Certbot. With Certbot you can very easily add a certificate to your site in just a couple of minutes. Certbot can be used on both Nginx and Apache server and it is supported on various Linux distributions such us Ubuntu, Debian or CentOS. For the purposes of this tutorial, we will show you how to install Let’s Encrypt SSL certificate on Ubuntu 16.04 with Apache web server.
1. Install Certbot
To install Certbot, simply run the following commands:
apt-get install software-properties-common python-software-properties add-apt-repository ppa:certbot/certbot apt-get update apt-get install python-certbot-apache
2. Install Let’s Encrypt SSL Certificate
To install a Let’s Encrypt SSL certificate on your domain, execute the following command (make sure you replace ‘yourdomain.com’ with your actual domain name):
certbot --apache -d yourdomain.com
You will then be asked for an email address and to read and accept the Terms of Services. This is how the output should look like during the installation:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@yourdomain.com ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for yourdomian.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
3. Redirect HTTP to HTTPS
Additionally, you can also make a choice if you would like to redirect all the HTTP traffic to HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf ------------------------------------------------------------------------------- Congratulations! You have successfully enabled https://yourdomain.com
4. Automatic renewal
You can also create a cron job in order to set up an automatic SSL renewal. To do this first run:
crontab -e
and then add the following:
0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
Save the file and close it. Restart the cron service so the changes can take effect:
service cron restart
That’s it. You can now open https://yourdomain.com in your browser and verify whether the Let’s Encrypt SSL certificate has been installed properly.
Of course, you don’t have to install Let’s Encrypt SSL Certificate using Certbot if you use one of our Linux Server Support Services in which case you can simply ask our expert Linux admins to install Let’s Encrypt using Certbot for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post, on how to install Let’s Encrypt SSL Certificate using Certbot, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.