Setup Let’s Encrypt SSL on Ubuntu 20/18/16 LTS

Let’s Encrypt is a certificate authority (CA) that provides free SSL/TLS certificates, which are suitable for production use as well. This means you can get a valid SSL certificate for your domain at no cost. A certificate can only be requested from the server the domain points to: Let’s Encrypt checks that the domain resolves to the current server and, once that check passes, issues the certificate. This guide shows how to install the Let’s Encrypt client on your Ubuntu system and issue an SSL certificate for your domain.

Prerequisites

Before we proceed, we will assume you already have:

  • A running Ubuntu system and shell access with sudo privileges.
  • Snapd installed and classic snap support enabled.
  • A domain name that is registered and pointed to the public IP address of your server. For this guide, we will use example.com and www.example.com, which are both pointed to our server.
  • A running web server with a Virtual Host configured for example.com as well as www.example.com on Port 80.

Step 1 – Installing Snapd

Snaps can be used on all major Linux distributions, including Ubuntu, Linux Mint, Debian and Fedora.

Snap comes pre-installed on Ubuntu 16 and later. To confirm that you have the most recent version of snapd, run the following commands from the command line on the system.

$ sudo snap install core; sudo snap refresh core

If you have any Certbot packages installed via apt, remove them before installing the Certbot snap to ensure that when you run the command certbot, the snap version is used rather than the package manager version.

$ sudo apt-get remove certbot

If you previously installed Certbot using the certbot-auto script, you should delete it.

Step 2 – Installing Let’s Encrypt Client

To install Certbot, use this command on the machine’s command line.

$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 3 – Getting an SSL Certificate

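Let’s Encrypt automatically performs strong domain validation, using multiple challenges to verify ownership of the domain. The SSL certificate is issued once the Certificate Authority (CA) has verified your domain’s authenticity. The --standalone option used below makes Certbot start its own temporary web server on port 80 to answer the challenge, so that port must be free while the command runs; if your web server is listening on it, stop it first and start it again afterwards.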

$ sudo certbot certonly --standalone -d example.com  -d www.example.com

This command will ask for an email address, which is used to send alerts related to the renewal and expiration of the certificate. It will also ask a few more questions. Once completed, it will issue an SSL certificate and create a new VirtualHost configuration file on your system.

Step 4 – Checking SSL Certificate

If all goes well, a new SSL certificate will be issued. Navigate to the following directory to view its files.

$ cd /etc/letsencrypt/live/example.com
$ ls
Output:
cert.pem
chain.pem
fullchain.pem
privkey.pem
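
Listing the files only shows that they exist. The script below is an added example, not part of the original guide: it uses the openssl command-line tool to check that privkey.pem belongs to cert.pem, that fullchain.pem begins with the same certificate, that the certificate is not about to expire, and that it covers the expected host names. The function names and the script name check_cert.sh are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: checks for a certbot "live" directory (layout as in this guide).
# Function names are illustrative; requires the openssl command-line tool.

# Succeeds only if privkey.pem is the private key of the certificate in cert.pem.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 2
    [ "$from_cert" = "$from_key" ]
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1/cert.pem" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if the certificate is valid for host name $2.
covers_host() {
    openssl x509 -in "$1/cert.pem" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds if fullchain.pem starts with the same certificate as cert.pem.
fullchain_starts_with_cert() {
    local a b
    a=$(openssl x509 -in "$1/cert.pem" -noout -fingerprint -sha256 2>/dev/null) || return 2
    b=$(openssl x509 -in "$1/fullchain.pem" -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ "$a" = "$b" ]
}

# Run every check and report failures; usage: check_live_dir DIR MIN_DAYS HOST...
check_live_dir() {
    local dir="$1" days="$2" host rc=0
    shift 2
    key_matches_cert "$dir"           || { echo "FAIL: privkey.pem does not match cert.pem"; rc=1; }
    fullchain_starts_with_cert "$dir" || { echo "FAIL: fullchain.pem does not start with cert.pem"; rc=1; }
    valid_for_days "$dir" "$days"     || { echo "FAIL: certificate expires within $days days"; rc=1; }
    for host in "$@"; do
        covers_host "$dir" "$host"    || { echo "FAIL: certificate does not cover $host"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Example: sudo ./check_cert.sh /etc/letsencrypt/live/example.com 30 example.com www.example.com
if [ "$#" -ge 3 ]; then check_live_dir "$@"; fi
```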

Step 5 – Configuring SSL VirtualHost

Use the following configuration for Nginx or Apache. Edit the virtual host configuration file and add the certificate entries shown below.

Nginx:

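# "ssl on;" is deprecated in current Nginx releases; enable TLS on the listen directive instead.
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;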

Apache:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Step 6 – SSL Auto Renew

The Certbot package on your system includes a cron job or systemd timer that automatically renews your certificates before they expire. Unless your setup changes, you will not need to run Certbot again. You can test automatic certificate renewal by executing the following command:

$ sudo certbot renew --dry-run

The certbot renew command is scheduled in one of the following places:

  • /etc/crontab/
  • /etc/cron.*/*
  • systemctl list-timers (run this command to list the systemd timers)

See How To Secure Apache with Let’s Encrypt for other details.
