I recently had to install Let’s Encrypt certificates on one of my websites hosted on a Ubuntu server running Apache2 web server.

The process was painless and easy.. and this brief tutorial is going to show you what steps I took and what to look out for when installing one yourself.

If you don’t already know, Let’s Encrypt allows anyone to obtain and install their trusted SSL certificates for free on their websites.

It cost nothing.. and you can renew forever.

Preparing your server to install Let’s Encrypt

To install and use Let’s Encrypt trusted certificates, go and download these dependencies.

sudo apt-get update && sudo apt-get install git

Next, run the commands below to download a copy of Let’s Encrypt codes from Git unto your server’s /opt directory.

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

This will create a folder called letencrypt in the /opt directory.

Generating Let’s Encrypt Certificates

The next step is to change into /opt/letsencrypt directory and run a command to generate a certificate for your site.

cd /opt/letsencrypt

To generate a certificate for your single naked domain (example.com), run the commands below.

./letsencrypt-auto --apache -d example.com

You can use a single certificate on multiple domains and sub-domains.. to do that, you’ll have to add them as additional perimeters to the command.

./letsencrypt-auto --apache -d example.com -d www.example.com

This single certificate will cover both example.com and www.example.com

To accomplish this, Apache2 must be setup with these domains and aliases.

Your apache2 server block for your site should include, these lines

ServerName   example.com
ServerAlias  www.example.com

and so forth.

After running the above commands to generate a certificate, Let’s Encrypt will generate and configure your server block with the correct cert… and store the certificates in live directory /etc/letsencrypt/live

If everything is setup right, you should have a certificate.. to renew that certificate, you’ll have to come back into the /opt/letsencrypt directory and run the commands below

./letsencrypt-auto renew

Or you can setup a cron job to automatically renew your certificate before it expires by editing cron and specifying how often you want to check/renew.

sudo crontab -e

Add the line below and save.

0 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

The cron job will renew the cert every Sunday at midnight.

That’s it! You should have a valid certificate forever!

How To Install SSL Certificates On Apache2 Web Server