This tutorial will show you how to set up a TLS / SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server. SSL certificates are used in web servers to encrypt traffic between the cloud server and the PC, providing additional Apache security with Let’s Encrypt for users accessing your applications. Let’s Encrypt is easy to set up and allows you to install free trusted certificates.
To complete this tutorial, you will need:
– An Ubuntu 16.04 cloud server with a non-root sudo-enable account
– The Apache web server is installed with one or more pre-configured domain names through the specified virtual machine ServerName .
When you are ready to continue Apache security with Let’s Encrypt, log in to your server using your sudo-enabled account.
Step 1 – Install Client Let’s Encrypt
The Let’s Encrypt certificate is encrypted from the client software running on the cloud server. Genuine software is called Certbot, and Cerbot developers maintain their own Ubuntu repositories with the latest updates. Therefore, it is best to use Cerbot to install instead of the default Ubuntu.
First, add the repository:
sudo add-apt-ppa repository: certbot / certbot
Then press ENTER to accept.
Next, update the package list to retrieve the new repository’s package information:
sudo apt-get update
And finally, install Certbot from the repository with apt-get :
sudo apt-get install python-certbot-apache
The certbot client Let’s Encrypt is ready to use.
Step 2 – Install SSL Certificate
Creating an SSL certificate for Apache with Certbot is fairly straightforward. The client software automatically receives and installs the new SSL certificate that matches the domain, provided as parameters.
To perform the installation and receive a certificate that includes only one domain, run the following certbot command, with example.com as your domain:
sudo certbot --apache -d example.com
If you want to install a certificate for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain in the parameter list will be the base domain used by Let’s encrypt the certificate. So, you should move the primary domain name to the first name in the list, followed by any additional subdomains:
sudo certbot --apache -d example.com -d www.example.com
In this example, assume the base domain is example.com.
If you have multiple virtual machines, you should run certbot once for each machine to create a new certificate for each machine. You can distribute multiple domains and subdomains on your virtual machine in any form.
After running the command, you will be taken through the optional steps to set up your certificate. Such as providing an email address to recover a stolen key or send a notification. You also have the option of launching both http and https protocols in parallel or transferring them all to https . Often the latter option is more secure unless you have a special need for http.
Once the installation is complete, you will be able to find the generated certificate files at / etc / letsencrypt / live . You can verify the status of your SSL certificate with the following link (do not forget to replace example.com with your base domain name):
https://www.ssllabs.com/ssltest/analyze.html?d= example.com & latest
You can now access your site using the https prefix.
Step 3 – Set automatic renewal of Certbot
Let’s Encrypt is only valid for 90 days, so setting up automatic renewal is very important. To do this we use the cron script set in /etc/cron.d . This will refresh any certificate for up to 30 business days.
To test the renewal process, you can perform dry run with certbot :
sudo certbot renew --dry-run
If no errors have occurred, all are set. When needed, Certbot will refresh your certificate and reload Apache to receive the changes. If the auto-renewal process fails, Let’s Encrypt will send a message to the email you provided earlier to alert you when your certificate expires.
This tutorial shows you how to install a free SSL certificate to secure Apache with Let’s Encrypt a hosted web site. For important updates and more information about Certbot Client, you should see the official Let’s Encrypt official blog and Certbot documentation.