In this article, we’ll show you how to install a free SSL certificate from Let’s Encrypt on your Apache web server. Let’s Encrypt issues free SSL certificates that you can use to secure your Apache web server. Each certificate lasts 90 days, after which you can auto-renew it.
Prerequisites
- An instance of Ubuntu 18.04 with root access
- A Fully Qualified Domain Name with an A record. We are going to use example.com
Installation of the requisite software
The first step is to install certbot’s PPA
$ sudo add-apt-repository ppa:certbot/certbot
Press ‘ENTER’ when prompted to do so.
Next, update the system
$ sudo apt-get update
Install Certbot’s Apache package with apt
$ sudo apt-get install python-certbot-apache
Generating the Key and the certificate
Next, you will run the command below
$ sudo certbot --apache -d example.com -d www.example.com
This will generate the SSL certificate and have Certbot edit your Apache configuration automatically.
Thereafter, you will get a prompt asking you to supply your email address, accept the terms of service, and choose whether or not you’d like to share your email address with the Let’s Encrypt project.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel):
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
After doing this, certbot will contact the Let’s Encrypt server. It will then run a challenge to verify that you control the domain you’re requesting a certificate for.
If the challenge succeeds, certbot will ask how you’d like to configure your HTTPS settings:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice and press ENTER. The configuration will thereafter be updated, and Apache will reload to pick up the new settings. certbot will wrap up by displaying a message about the successful process and give you the location of the certificates:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2018-07-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Verifying Certbot’s autorenewal
The certbot package we have just installed takes care of the renewal process by adding a renew script to /etc/cron.d. This script runs twice a day and will automatically renew any SSL certificate within 90 days of expiration.
To test the renewal process, you can run:
$ sudo certbot renew --dry-run
If there are no errors displayed, you are good to go! Certbot will then renew your certificates and reload Apache to effect the changes. If the automated renewal process works as intended, Let’s Encrypt will send a message to the email you specified during the installation process, warning you when your certificate is about to expire.
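Beyond the dry run, you can check the certificate files themselves. The script below is an added example, not part of Certbot or of the original article: it checks that fullchain.pem is not close to expiry, that privkey.pem really belongs to it, and that the key is not readable by other users. The function names and the 30-day warning threshold are assumptions, and it relies on openssl and GNU stat being installed.

```bash
# Added example: checks on the files Certbot reports under
# /etc/letsencrypt/live/<domain>/. Function names are hypothetical.
# Usage (as root, since the key is normally root-only):
#   audit_cert /etc/letsencrypt/live/example.com 30

# Succeeds if the certificate expires within N days. An unreadable or
# malformed file also counts as "expiring", so the check fails closed.
cert_expires_within() {
    local cert="$1" days="$2"
    # -checkend exits 0 only when the cert is still valid N seconds from now
    ! openssl x509 -in "$cert" -noout -checkend $(( days * 86400 )) >/dev/null 2>&1
}

# Succeeds if the private key corresponds to the certificate's public key.
key_matches_cert() {
    local cert="$1" key="$2" a b
    a=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256) || return 1
    b=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeeds if the key file grants nothing to group or others.
# -L follows the symlink that live/<domain>/privkey.pem normally is.
key_is_private() {
    local mode
    mode=$(stat -L -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Runs all three checks on a live/<domain> directory.
# Returns the number of failed checks (0 means everything passed).
audit_cert() {
    local dir="$1" warn_days="${2:-30}" failures=0
    if cert_expires_within "$dir/fullchain.pem" "$warn_days"; then
        echo "FAIL: certificate expires within $warn_days days; check the renewal job"
        failures=$((failures + 1))
    fi
    if ! key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "FAIL: privkey.pem does not match fullchain.pem"
        failures=$((failures + 1))
    fi
    if ! key_is_private "$dir/privkey.pem"; then
        echo "FAIL: privkey.pem is readable by group or others"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ] && echo "OK: $dir"
    return "$failures"
}
```

A non-zero return value makes the function easy to call from a monitoring job alongside the renewal cron entry.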