Free SSL Certificate with Let’s Encrypt
If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy. Just call the letsencrypt command from the terminal and point it at your domain.
Securing your website with a valid SSL certificate from a recognized and trusted vendor shows your website visitors that information transmitted between your site and their browser is encrypted. Now, thanks to “Let’s Encrypt” and the “Internet Security Research Group (ISRG)”, obtaining a certificate has never been easier or more affordable… can’t get cheaper than free.
Prerequisites
- Ubuntu 16.04 (Previous versions may work as well but I haven’t tested it. If you try it on 14.04 and it works let me know.)
- Apache – with a virtual host configured. See this post if you’re not sure how to set up Apache 2 with virtual hosts on Ubuntu.
- A domain name
- Root access to the web server
Install Let’s Encrypt Automated Tools
The best thing about Let’s Encrypt is that it provides fully automated tools that make setting up your secure site as easy as possible. No need to learn about openssl commands or obtaining CA certificates.
Install python-letsencrypt-apache
sudo apt update
sudo apt install python-letsencrypt-apache
This will ask to install quite a few Python libraries and tools; accept the installation by pressing “y” when prompted.
Configure your site for SSL
If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy: just call the letsencrypt command from the terminal and point it at your domain. (Replace example.com with your own domain.)
sudo letsencrypt --apache -d example.com -d www.example.com
The -d option specifies the domain or domains that you want to request an SSL certificate for.
At this point, you will be prompted to select the domain from the list of sites that are configured in the /etc/apache2/sites-enabled/ directory. If you already set up a virtual host you should see your site listed. Often letsencrypt will automatically detect your site based on the “ServerName” field in the virtual host configuration file.
Select your domain, then choose https only or both http and https. I always choose https only since I don’t have any real need for http, but you have the option to use both.
Your SSL Certificate will be valid for 90 days, and can be easily renewed as follows.
sudo letsencrypt renew
You can run that now and its output should tell you that you have no certificates that need to be renewed. Let’s Encrypt recommends that you renew every 60 days.
Automate SSL Renewal with Cron
Renewing your SSL certificate automatically can be done with a cron job. We will create a file in cron.weekly so that Let’s Encrypt will check once a week for sites that have a renewal available.
sudo vi /etc/cron.weekly/le-autorenew
Add the following to this file:
#!/bin/bash
#
# renew letsencrypt certificate and create log
/usr/bin/letsencrypt renew >> /var/log/ssl-renew.log
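The weekly job above only appends to a log, so a renewal that silently fails (or a script that run-parts skips because it is not executable) goes unnoticed until the 90-day certificate expires. The following check is an added example, not part of the original post: it reads a certificate's notAfter date and flags it once fewer than 30 days remain, meaning the 60-day renewal point has passed. It assumes GNU date and openssl; the function names and the certificate path argument are illustrative.

```shell
#!/bin/sh
# Added example: flag a certificate that the weekly renewal job has
# failed to renew. Assumes GNU date (as on Ubuntu) and openssl.

RENEW_WINDOW_DAYS=30   # 90-day lifetime minus the 60-day renewal point

# cert_status "<notAfter=... line>" [now_epoch]
# Prints "OK <days>", "OVERDUE <days>", "EXPIRED <days>" or "UNPARSEABLE".
# Exit status: 0 ok, 1 renewal overdue, 2 expired or unreadable.
cert_status() (
    end=${1#notAfter=}
    # An empty string would parse as "today", so reject it explicitly.
    [ -n "$end" ] || { echo "UNPARSEABLE"; exit 2; }
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || { echo "UNPARSEABLE"; exit 2; }
    now=${2:-$(date -u +%s)}
    secs=$(( end_epoch - now ))
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED $days"; exit 2
    elif [ "$secs" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo "OVERDUE $days"; exit 1
    fi
    echo "OK $days"
)

# check_cert_file <path-to-certificate.pem>
# Reads the expiry date with openssl and reports its status.
check_cert_file() {
    line=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null) || {
        echo "UNPARSEABLE"; return 2; }
    cert_status "$line"
}

# Run only when a certificate path is given as the first argument.
# The non-zero exit status can drive whatever alerting you already use.
if [ -n "${1:-}" ]; then
    check_cert_file "$1"
    exit $?
fi
```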
If you are interested in learning more about Let’s Encrypt or some of their sponsors (which include big names like Mozilla, Facebook, Cisco, and many more) you can visit them here: https://letsencrypt.org
Luke has an RHCSA for Red Hat Enterprise Linux 7 and currently works as a Linux Systems Administrator in Ohio.
This post, re-published here with permission, was originally published on Luke’s site here.