Install a free SSL certificate and serve your site with “https”.
Let’s Encrypt provides free SSL certificates and with the help of the installation tool called Certbot, you can easily enable an HTTPS certificate for your website.
These instructions are for users running either Nginx or Apache on Ubuntu server and have access to the server’s command line.
Install the Certbot tool
Before you can add an HTTPS certificate, you need to download and install the Certbot tool.
# Stop nginx server before installing Certbot service nginx stop # Install Certbot sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginxCode language: PHP (php)
If you’re running Apache:
service apache2 stop sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apacheCode language: Shell Session (shell)
Install the SSL (https) certificate
Once you’ve installed the tool, obtaining and installing a Let’s Encrypt certificate is just running
# On Nginx webserver certbot --nginxCode language: PHP (php)
# On Apache certbot --apacheCode language: PHP (php)
--apache in the command is to let Certbot know the type of server. You could also add another parameter to the command:
certbot --nginx --redirect
… to let Certbot know to automatically redirect
https. Certbot will change the server’s config file during installation.
When you run the command, you may be prompted to enter an email address. Go ahead and do that to get important updates about your certificate from Let’s Encrypt.
Start your server
service nginx start # or service apache2 startCode language: PHP (php)
You’re done! You should now be able to access your site using
This free certificate from Let’s Encrypt is issued for 90 days. You’ll need to renew it when it has less than 30 days to expire by using the command:
Setup auto-renew of the SSL certificate
To automate the renewal of the certificate, we’ll setup a cron job to run the renew command at the particular time. ‘Cron’ is basically a utility on Linux that is used to schedule tasks. To edit cron, run:
You should see a file in which you can add your job that also has instructions on how to add jobs. The format of a cron job is
minute hour dayOfmonth month dayOfweek commandtobeRun with each of these parameters mentioned as a number. So
10 1 1 * * certbot renew means the command
certbot renew will be run on the first of every month at 1.10AM.
Add this text to the last line of your crontab file:
* 1 * * certbot -q renew`
This will run the command for certificate every day at 1AM. Certbot will not renew the file if you have more than 30 days left to expiry, so your certificate will not actually be renewed every day. (The
-q parameter is to run the command quietly in the background).