How To install SSL certificate with Let's Encrypt in Ubuntu
While many web hosting providers provide paid SSL certificate to your server, you can also install ssl certificate using command line by own.
Let’s Encrypt provides free SSL certificate. You can simply install SSL certificate using any software clients.
In this article, we will use Certbot software client to install free SSL certificate for Apache on Ubuntu server. We will set certificate renewal automatically.
Note: Before procedding to installation, make sure you have already installed Apache web server. You should also have your domain with A DNS records set to point your server ip address. You should be logged in to your server.
First of all, we need certbot software client installed on your server. To install it, run the bellow command.
sudo apt update
sudo apt install certbot python3-certbot-apache
Now you need to check and confirm your apache configuration for domain. Your apache default configuration file located at /etc/apache2/sites-enabled/000-default.conf. Open the file in nano editor with below command.
sudo nano /etc/apache2/sites-enabled/000-default.conf
Now confirm you have set ServerName and ServerAlias to your domain.
...
ServerName hackthestuff.com
ServerAlias www.hackthestuff.com
...
Now we will proceed for certificate installation. Run the below command and it will start installation wizard with asking few questions.
sudo certbot --apache
First it will ask for email address. Input the email address where you want to receive all certificate related mails and continue with ENTER.
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
Next it will ask to accept Terms of Service. You can accept it by pressing A and then hit ENTER.
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:
Now it will ask your email to subscribe Electronic Frontier Foundation. You can simply press Y for Yes or N for No and hit ENTER.
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
In the next step, it will ask your domains to activate for https. You can select domains with comma seperated or leave blank to select all domain and hit ENTER.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: hackthestuff.com
2: www.hackthestuff.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
This will print below line of certification create.
Performing the following challenges:
http-01 challenge for hackthestuff.com
http-01 challenge for www.hackthestuff.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-enabled/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
In the last step, it will ask whether you want to forcefully redirect http traffic to https or not. Select 2 option to enable the redirection and press ENTER.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
You will see successfully installation message.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://hackthestuff.com and
https://www.hackthestuff.com
...
Now you can open your website using https:// in the new browser tab. If you see green indicator, it means the certificate is installed successfully to your server. The certbot will automatically renew certificate before it expires.
Copyright 2024 ErrorGram