Free SSL Certificate with Let’s Encrypt

By: Luke Rawlins Dec 3, 2016 | 3 minutes read
Tags: Apache, letsencrypt, HTTPS, Linux, Ubuntu

If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy. Just call the letsencrypt command from the terminal and point it at your domain.

Securing your website with a valid SSL certificate from a recognized and trusted vendor shows your visitors that information transmitted between your site and their browser is encrypted. Now, thanks to Let’s Encrypt and the Internet Security Research Group (ISRG), obtaining a certificate has never been easier or more affordable… can’t get cheaper than free.

Prerequisites

  * Ubuntu 16.04 (Previous versions may work as well but I haven’t tested it. If you try it on 14.04 and it works let me know.)
  * Apache – with a virtual host configured. See this [post](https://lukerawlins.com/ubuntu-14-04-web-server/) if you’re not sure how to set up Apache 2 with virtual hosts on Ubuntu.
  * A domain name
  * Root access to the web server

Install Let’s Encrypt Automated Tools

The best thing about Let’s Encrypt is that it provides fully automated tools that make setting up your secure site as easy as possible. No need to learn about openssl commands or obtaining CA certificates.

Install python-letsencrypt-apache

sudo apt update
sudo apt install python-letsencrypt-apache

This will ask to install quite a few Python libraries and tools. Accept the installation by pressing “y” when prompted.

Configure your site for SSL

If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy: just call the letsencrypt command from the terminal and point it at your domain (replace example.com with your own domain).

sudo letsencrypt --apache -d example.com -d www.example.com

The -d option specifies the domain or domains that you want to request an SSL certificate for.

At this point, you will be prompted to select the domain from the list of sites that are configured in the /etc/apache2/sites-enabled/ directory. If you already set up a virtual host you should see your site listed. Often letsencrypt will automatically detect your site based on the “ServerName” field in the virtual host configuration file.

Select your domain, then choose https only or both http and https. I always choose https only since I don’t have any real need for http, but you have the option to use both.

Your SSL Certificate will be valid for 90 days, and can be easily renewed as follows.

sudo letsencrypt renew

You can run that now and its output should tell you that you have no certificates that need to be renewed. Let’s Encrypt recommends that you renew every 60 days.

Automate SSL Renewal with Cron

Automatically renewing your SSL certificate can be done with a cron job. We will create a file in cron.weekly so that Let’s Encrypt will check once a week for sites that have a renewal available.

sudo vi /etc/cron.weekly/le-autorenew

Add the following to this file:

#!/bin/bash
#
# Renew Let's Encrypt certificates and append the output, errors included, to a log
/usr/bin/letsencrypt renew >> /var/log/ssl-renew.log 2>&1
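
A way to confirm that the weekly job is actually renewing, as an added example that is not part of the original post: it reads a certificate's expiry date with openssl and classifies the days remaining against the 90-day lifetime described above. It assumes GNU date, that the client renews once fewer than 30 days remain (the 60-day mark), and a 7-day allowance for the weekly schedule; the function names and the script name check-cert.sh are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post): flag a certificate that the
# weekly renewal job should already have replaced.
RENEW_AT=30   # assumption: client renews below 30 days left (day 60 of 90)
GRACE=7       # assumption: allow one weekly cron interval

# Print a PEM certificate's notAfter date, e.g. "Mar  3 12:00:00 2017 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Whole days from "now" ($2, epoch seconds, default: current time) to the
# notAfter string in $1, rounded down so a just-expired cert gives -1.
days_left() {
    local end now diff
    end=$(date -u -d "$1" +%s) || return 1
    now=${2:-$(date -u +%s)}
    diff=$(( end - now ))
    if [ "$diff" -lt 0 ]; then
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# Map days remaining to OK / DUE / OVERDUE / EXPIRED.
renewal_status() {
    if   [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt $(( RENEW_AT - GRACE )) ]; then echo OVERDUE  # a run failed
    elif [ "$1" -lt "$RENEW_AT" ]; then echo DUE        # next run should renew
    else echo OK
    fi
}

# Usage: check-cert.sh /path/to/cert.pem   (exit 1 on OVERDUE or EXPIRED)
if [ -n "${1:-}" ]; then
    not_after=$(cert_not_after "$1")
    [ -n "$not_after" ] || { echo "cannot read $1" >&2; exit 2; }
    days=$(days_left "$not_after") || exit 2
    status=$(renewal_status "$days")
    echo "$(date -u +%FT%TZ) $1: $days days left, $status"
    case $status in OK|DUE) exit 0 ;; *) exit 1 ;; esac
fi
```

run-parts only executes files in /etc/cron.weekly that have the execute bit set, so a le-autorenew file saved without it is one way to end up in the OVERDUE state.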

If you are interested in learning more about Let’s Encrypt or some of their sponsors (which include big names like Mozilla, Facebook, Cisco, and many more) you can visit them here: https://letsencrypt.org
