Authors: Luke Rawlins
NOTE: While this may still work the information is out of date.
Please see the instructions found here eff.org for more up-to-date instructions.
If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy. Just call the letsencrypt command from the terminal and point it at your domain.
Securing your website with a valid ssl certificate from a recognized and trusted vendor shows your website visitors that information transmitted between your site and their browser is encrypted. Now thanks to “Let’s Encrypt”, and the “Internet Security Research Group (ISRG)” obtaining a certificate has never been easier or more affordable… can’t get cheaper than free.
The best thing about Let’s Encrypt is that it provides fully automated tools that make setting up your secure site as easy as possible. No need to learn about openssl commands or obtaining CA certificates.
sudo apt update sudo apt install python-letsencrypt-apache
This will ask to install quite a few python libraries and tools, accept the installation by pressing “y” when prompted.
If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy, just call the letsencrypt command from the terminal and point it at your domain. (Replace example.com with your own domain).
sudo letsencrypt --apache -d example.com -d www.example.com
option specifies which domain or domains that you want to request an ssl certificate for.
At this point, you will be prompted to select the domain from the list of sites that are configured in the /etc/apache2/sites-enabled/ directory. If you already set up a virtual host you should see your site listed. Often letsencrypt will automatically detect your site based on the “ServerName” field in the virtual host configuration file.
Select your domain, chose https only or both http and https. I always choose https only since I don’t have any real need for http, but you have the option to use both.
Your SSL Certificate will be valid for 90 days, and can be easily renewed as follows.
sudo letsencrypt renew
You can run that now and it’s output should tell you that you have no certificates that need to be renewed. Let’s Encrypt recommends that you renew every 60 days.
Automatically renewing your ssl can be done with a cron job. We will create a file in cron.weekly so that Let’s Encrypt will check once a week for sites that have a renewal available.
sudo vi /etc/cron.weekly/le-autorenew
Add the following to this file:
#!/bin/bash # #renew letsencrypt certificate and create log /usr/bin/letsencrypt renew >> /var/log/ssl-renew.log
If you are interested in learning more about Let’s Encrypt or some of their sponsors (which includes big names like Mozilla, Facebook, Cisco, and many more) you can visit them here: https://letsencrypt.org