This tutorial will show you how to set up a TLS / SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server. If you do not know how to install apache on ubuntu, you can read the article: How to install Lamp on Ubuntu.
Install Let’s Encrypt on Ubuntu 16.04
Let’s Encrypt is easy to set up and allows you to install free trusted certificates.
To complete this tutorial, you will need:
– An Ubuntu cloud server running version 16.04 or higher with a sudo-enable non-root account
– Apache webserver installed with one or more domains configured to be configured Available via the specified virtual machine ServerName .
When you are ready to continue securing Apache with Let’s Encrypt, log into your server using the sudo-enabled account.
Step 1 – Install the Let’s Encrypt client
Let’s Encrypt certificates are encrypted from client software running on the cloud server. Genuine software is called Certbot, and Cerbot developers maintain their own Ubuntu software repository with the latest updated versions. Therefore, the best way is to use Cerbot to install instead of the default Ubuntu.
First, add an archive:
sudo add-apt-repository ppa: certbot / certbot
Then press ENTER to accept.
Next, update the package list to get package information of the new archive:
sudo apt-get update
And finally, install Certbot from the repository using apt-get :
sudo apt-get install python-certbot-apache
The Let’s Encrypt client certbot is ready to use.
Step 2 – Install the SSL Certificate
Creating an SSL certificate for Apache using Certbot is quite simple. The client software will automatically receive and install a new SSL certificate that matches the domain, provided as parameters.
To do the installation and get a certificate that covers only one domain, run the following certbot command, with example.com as your domain:
sudo certbot --apache -d example.com
If you want to set up a certificate for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the parameter list will be the base domain used by Let’s Encrypt to generate the certificate. Therefore, you should turn the primary domain name into the first name in the list, followed by any additional subdomains:
sudo certbot --apache -d example.com -d www.example.com
In this example, assume the base domain name is example.com.
If you have multiple virtual machines, you should run certbot once for each machine to create a new certificate for each machine. You can distribute multiple domains and subdomains on your virtual machine in any form.
After running the command, you will be taken through optional steps to set up your certificate. Such as providing an email address to recover a stolen key or sending a notice. You can also choose to launch both http and https protocols in parallel or switch them all over to https . Often the latter is more secure unless you have special needs for http.
When the installation is complete, you will be able to find the generated certificate files at / etc / letsencrypt / live . You can verify the status of the SSL certificate with the following link (don’t forget to replace example.com with your base domain name):
You can now access your site using the https prefix .
Step 3 – Set up auto-renewal of Certbot
Let’s Encrypt is only valid for 90 days , so setting up auto-renewal is very important. To do this we use the cron script located in /etc/cron.d . This action will refresh any certificates with 30 days of activity left.
To check the renewal process, you can perform a dry run with the certbot :
sudo certbot renew --dry-run
If no error occurred, all is set. When needed, Certbot will refresh your certificate and reload Apache to receive the changes. If the auto-renewal process fails, Let’s Encrypt will send a message to the email you provided earlier to alert you when your certificate is about to expire.
This article shows you how to install a free SSL certificate to secure Apache with Let’s Encrypt, a website hosted on the server. For important updates and more details about the Certbot Client, you should check out the details of Let’s Encrypt’s official blog and the Certbot documentation.