Let’s Encrypt provides free SSL certificates and with the help of the installation tool called Certbot, you can easily enable an HTTPS certificate for your website.

These instructions are for users running either Nginx or Apache on Ubuntu server and have access to the server’s command line.

Install the Certbot tool

Before you can add an HTTPS certificate, you need to download and install the Certbot tool.

1
2
3
4
5
6
7
# Stop nginx server before installing Certbot
service nginx stop

# Install Certbot
sudo add-apt-repository ppa:certbot/certbot 
sudo apt-get update  
sudo apt-get install python-certbot-nginx

If you’re running Apache:

1
2
3
4
service apache2 stop
sudo add-apt-repository ppa:certbot/certbot 
sudo apt-get update  
sudo apt-get install python-certbot-apache

Install the https certificate

Once you’ve installed the tool, obtaining and installing a Let’s Encrypt certificate is just running

1
2
# On Nginx webserver
certbot --nginx
1
2
# On Apache
certbot --apache

Parameter --nginx in the command is to let Certbot know the type of server. You could also add another parameter to the command:

1
certbot --nginx --redirect

to let Certbot know to automatically redirect http to https. Certbot will change the server’s config file during installation.

When you run the command, you may be prompted to enter an email address. Go ahead and do that to get important updates about your certificate from Let’s Encrypt.

Start your server

1
2
3
service nginx start
# or
service apache2 start

You’re done! You should now be able to access your site using https://yourdomain.

This free certificate from Let’s Encrypt is issued for 90 days. You’ll need to renew it when it has less than 30 days to expire by using the command

1
certbot renew

Setup auto-renew of the SSL certificate

To automate the renewal of the certificate, we’ll setup a cron job to run the renew command at the particular time. ‘Cron’ is basically a utility on Linux that is used to schedule tasks. To edit cron, run

1
crontab -e

You should see a file in which you can add your job that also has instructions on how to add jobs. The format of a cron job is minute hour dayOfmonth month dayOfweek commandtobeRun with each of these parameters mentioned as a number. So 10 1 1 * * certbot renew means the command certbot renew will be run on the first of every month at 1.10AM.

Add this text to the last line of your crontab file:

1
* 1 * * certbot -q renew`

This will run the command for certificate every day at 1AM. Certbot will not renew the file if you have more than 30 days left to expiry, so your certificate will not actually be renewed every day. (The -q parameter is to run the command quietly in the background).