I recently had to install Let’s Encrypt certificates on one of my websites hosted on a Ubuntu server running Apache2 web server.
The process was painless and easy.. and this brief tutorial is going to show you what steps I took and what to look out for when installing one yourself.
If you don’t already know, Let’s Encrypt allows anyone to obtain and install their trusted SSL certificates for free on their websites.
It cost nothing.. and you can renew forever.
Preparing your server to install Let’s Encrypt
To install and use Let’s Encrypt trusted certificates, go and download these dependencies.
sudo apt-get update && sudo apt-get install git
Next, run the commands below to download a copy of Let’s Encrypt codes from Git unto your server’s /opt directory.
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
This will create a folder called letencrypt in the /opt directory.
Generating Let’s Encrypt Certificates
The next step is to change into /opt/letsencrypt directory and run a command to generate a certificate for your site.
cd /opt/letsencrypt
To generate a certificate for your single naked domain (example.com), run the commands below.
./letsencrypt-auto --apache -d example.com
You can use a single certificate on multiple domains and sub-domains.. to do that, you’ll have to add them as additional perimeters to the command.
./letsencrypt-auto --apache -d example.com -d www.example.com
This single certificate will cover both example.com and www.example.com
To accomplish this, Apache2 must be setup with these domains and aliases.
Your apache2 server block for your site should include, these lines
ServerName example.com
ServerAlias www.example.com
and so forth.
After running the above commands to generate a certificate, Let’s Encrypt will generate and configure your server block with the correct cert… and store the certificates in live directory /etc/letsencrypt/live
If everything is setup right, you should have a certificate.. to renew that certificate, you’ll have to come back into the /opt/letsencrypt directory and run the commands below
./letsencrypt-auto renew
Or you can setup a cron job to automatically renew your certificate before it expires by editing cron and specifying how often you want to check/renew.
sudo crontab -e
Add the line below and save.
0 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
The cron job will renew the cert every Sunday at midnight.
That’s it! You should have a valid certificate forever!
Frequently Asked Questions
How to install Let's Encrypt certificates on Ubuntu server with Apache2?
To install Let's Encrypt certificates on Ubuntu server with Apache2, you can follow the steps outlined in this tutorial, including downloading dependencies, cloning Let's Encrypt codes from Git, and generating certificates for your domain.
What are the benefits of using Let's Encrypt certificates?
Let's Encrypt certificates are trusted SSL certificates that you can obtain for free, allowing you to secure your website with encryption. They are cost-effective, easy to renew, and widely recognized by browsers.
Can Let's Encrypt certificates be used on multiple domains and sub-domains?
Yes, Let's Encrypt certificates support using a single certificate on multiple domains and sub-domains. You can add additional domains and sub-domains as parameters when generating the certificate.
How to generate Let's Encrypt certificates for multiple domains using Apache2?
To generate Let's Encrypt certificates for multiple domains using Apache2, you can specify the domains and sub-domains as parameters when running the certificate generation command. Ensure that your Apache2 server block is set up correctly with the specified domains and aliases.
Where are Let's Encrypt certificates stored after generation?
After generating Let's Encrypt certificates, they are stored in the live directory at /etc/letsencrypt/live on your server. Let's Encrypt also configures your server block with the correct certificate for secure HTTPS connections.
What is the command to generate a Let's Encrypt certificate for a domain?
To generate a Let's Encrypt certificate for a domain, you can use the command ./letsencrypt-auto --apache -d yourdomain.com. Replace 'yourdomain.com' with your actual domain name.
What should be included in the Apache2 server block for Let's Encrypt certificates?
In the Apache2 server block for Let's Encrypt certificates, you should include ServerName yourdomain.com and ServerAlias www.yourdomain.com to ensure that the certificate covers both the naked domain and www subdomain.
How to renew Let's Encrypt certificates on Ubuntu server?
To renew Let's Encrypt certificates on Ubuntu server, you can follow the renewal process provided by Let's Encrypt. Ensure that your server configuration is up to date and the renewal process is automated for seamless certificate updates.