I recently had to install Let’s Encrypt certificates on one of my websites hosted on an Ubuntu server running the Apache2 web server.
The process was painless and easy, and this brief tutorial is going to show you what steps I took and what to look out for when installing one yourself.
If you don’t already know, Let’s Encrypt allows anyone to obtain and install their trusted SSL certificates for free on their websites.
It costs nothing, and you can renew forever.
Preparing your server to install Let’s Encrypt
To install and use Let’s Encrypt trusted certificates, first install the dependency below.
sudo apt-get update && sudo apt-get install git
Next, run the command below to download a copy of the Let’s Encrypt client code from GitHub into your server’s /opt directory.
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
This will create a folder called letsencrypt in the /opt directory.
Generating Let’s Encrypt Certificates
The next step is to change into the /opt/letsencrypt directory and run a command to generate a certificate for your site.
cd /opt/letsencrypt
To generate a certificate for your single naked domain (example.com), run the command below.
./letsencrypt-auto --apache -d example.com
You can use a single certificate on multiple domains and sub-domains. To do that, add them as additional -d parameters to the command.
./letsencrypt-auto --apache -d example.com -d www.example.com
This single certificate will cover both example.com and www.example.com.
To accomplish this, Apache2 must be set up with these domains and aliases.
The Apache2 server block for your site should include these lines:
ServerName example.com
ServerAlias www.example.com
and so forth.
After you run the above commands to generate a certificate, Let’s Encrypt will generate and configure your server block with the correct cert, and store the certificates in the live directory, /etc/letsencrypt/live.
If everything is set up correctly, you should have a certificate. To renew that certificate, you’ll have to come back into the /opt/letsencrypt directory and run the command below.
./letsencrypt-auto renew
Or you can set up a cron job to automatically renew your certificate before it expires by editing cron and specifying how often you want to check/renew.
sudo crontab -e
Add the line below and save.
0 0 * * 0 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
The cron job will run the renew command every Sunday at midnight.
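The cron job only appends to a log file, so a renewal that keeps failing can go unnoticed until the certificate expires. The shell function below is an added example, not part of the original tutorial or of the Let’s Encrypt client: it flags every certificate under the live directory that is within a chosen number of days of expiry. The function name, the 14-day default and the output labels are assumptions, and it relies on the cert.pem file the client keeps in each live/<domain> directory.

```shell
#!/bin/sh
# Added example: report certificates in a Let's Encrypt "live" directory
# that are close to expiry, so a silently failing renew job is noticed.
#
# Usage (as root, since the live directory is not world-readable):
#   expiring_certs /etc/letsencrypt/live 14
#
# Prints one line per problem and returns 1 if anything needs attention:
#   EXPIRING <domain> <notAfter date>   expires within MIN_DAYS
#   UNREADABLE <domain>                 cert.pem could not be parsed
#   NO_CERTS <dir>                      no cert.pem found at all
expiring_certs() {
    live_dir=$1
    min_days=${2:-14}              # assumption: alert window in days
    window=$((min_days * 86400))   # openssl -checkend takes seconds
    status=0
    found=0

    for cert in "$live_dir"/*/cert.pem; do
        [ -f "$cert" ] || continue          # glob matched nothing
        found=1
        name=$(basename "$(dirname "$cert")")

        if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
            echo "UNREADABLE $name"
            status=1
        # -checkend exits non-zero if the cert expires within $window seconds
        elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null; then
            echo "EXPIRING $name ${end#notAfter=}"
            status=1
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "NO_CERTS $live_dir"
        status=1
    fi
    return "$status"
}
```

Run from root’s crontab a day after the renew job, any output it prints can be mailed or alerted on instead of being appended to a log nobody reads.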
That’s it! You should have a valid certificate forever!