This post will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu server running Apache as a web server.
Introduction about SSL
SSL stands for Secure Socket Layer. SSL is a protocol used for sending confidential data over the Internet. SSL creates a secure connection between a web browser and the server. In this process, SSL uses encryption to keep the data private.
Advantages of SSL
• Encrypts Information. SSL certificate ensures the data you send online are read by only the intended recipient and none else.
• SSL makes some changes in the original data so that the data can’t be read by the third parties.
• Having SSL certificate ensures authentication.
• Secure against phishing attacks.
• Better search engine rankings.
Install SSL certificate using Let’s Encrypt
Prerequisites
• Ubuntu server with a non-root sudo user.
• The Apache web server installed and domain name properly configured.
• Your domain mapped with server IP.
Step 1 — Install the Let’s Encrypt Client
The first step to Let’s Encrypt SSL certificate is to install the certbot software on your server.
sudo add-apt-repository ppa:certbot/certbot
You will need to press ENTER to accept. Then update the package list using following command
sudo apt-get update
Install Certbot SSL using following command.
sudo apt-get install python-certbot-apache
Step 2 — Set Up the SSL Certificate
Following command is automatically install a new SSL certificate on apache server that is valid for only 3 months. A single certificate that is valid for multiple domains or subdomains. Execute following command.
sudo certbot --apache -d example.com
If you can execute above command then it will ask some basic information like email, agree terms & service and enabling both http and https access. After install certificate, automatically changed apache configuration file as required.
When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live.
Step 3 — Auto Renewal SSL Certificate
Let’s Encrypt’s certificates is valid for 3 months. Following command is to check for expiring certificates and renew them automatically.
sudo crontab -e
After execute above command, Your text editor will open the default crontab which is a text file with some help text in it.
Paste in the following line at the end of the file, then save and close it:
15 3 * * * /usr/bin/certbot renew --quiet
Now your domain is ready with SSL Certificate.