Get a Let’s Encrypt SSL certificate for your domain

Install a free SSL certificate and serve your site with “https”.

Let’s Encrypt provides free SSL certificates and with the help of the installation tool called Certbot, you can easily enable an HTTPS certificate for your website.

These instructions are for users running either Nginx or Apache on Ubuntu server and have access to the server’s command line.

Install the Certbot tool

Before you can add an HTTPS certificate, you need to download and install the Certbot tool.

In NGINX:

# Stop nginx server before installing Certbot service nginx stop # Install Certbot sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginx
Code language: PHP (php)

If you’re running Apache:

service apache2 stop sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
Code language: Shell Session (shell)

Install the SSL (https) certificate

Once you’ve installed the tool, obtaining and installing a Let’s Encrypt certificate is just running

# On Nginx webserver certbot --nginx
Code language: PHP (php)
# On Apache certbot --apache
Code language: PHP (php)

Parameter --nginx or --apache in the command is to let Certbot know the type of server. You could also add another parameter to the command:

certbot --nginx --redirect

… to let Certbot know to automatically redirect http to https. Certbot will change the server’s config file during installation.

When you run the command, you may be prompted to enter an email address. Go ahead and do that to get important updates about your certificate from Let’s Encrypt.

Start your server

service nginx start # or service apache2 start
Code language: PHP (php)

You’re done! You should now be able to access your site using https://yourdomain.

This free certificate from Let’s Encrypt is issued for 90 days. You’ll need to renew it when it has less than 30 days to expire by using the command:

certbot renew

Setup auto-renew of the SSL certificate

To automate the renewal of the certificate, we’ll setup a cron job to run the renew command at the particular time. ‘Cron’ is basically a utility on Linux that is used to schedule tasks. To edit cron, run:

crontab -e

You should see a file in which you can add your job that also has instructions on how to add jobs. The format of a cron job is minute hour dayOfmonth month dayOfweek commandtobeRun with each of these parameters mentioned as a number. So 10 1 1 * * certbot renew means the command certbot renew will be run on the first of every month at 1.10AM.

Add this text to the last line of your crontab file:

* 1 * * certbot -q renew`

This will run the command for certificate every day at 1AM. Certbot will not renew the file if you have more than 30 days left to expiry, so your certificate will not actually be renewed every day. (The -q parameter is to run the command quietly in the background).


Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *