Let’s Encrypt is a free, automated and open source SSL programme. Let’s Encrypt managed by the Internet Security Research Group (ISRG). After that lunch, It now powers millions of website.
To enable free HTTPS connection on your Linux hosted website, you need to install let’s encrypt. Let’s Encrypt is a Certificate Authority (CA) which will help you to get free SSL certificates needed for your server. With the help of this, the server can run securely.
Let’s Encrypt SSL allows you to encrypt the transaction your site free of charge. Let’s Encrypt makes it extremely easy to install the certificates on Ubuntu 14.04 and Ubuntu 16.04.
In this article, I will show you how to install and configure Let’s Encrypt SSL Certificate on Ubuntu 14.04 and Ubuntu 16.04. Before beginning installation, you need to know about SSL.
What is SSL and How it works?
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world’s computer networks.
SSL certificate is very important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.
Let’s Encrypt SSL Installation on Ubuntu Server
In this tutorial, we will learn the entire process of installing the Let’s Encrypt SSL certificate on Ubuntu 14.04 and Ubuntu 16.04 and set up them on Apache web server and how to renew the certificate automatically. Let’s Start
Ubuntu 14.04 Let’s Encrypt SSL Installation:
Download the certbot-auto Let’s Encrypt client from the EFF download site to the /usr/local/sbin directory.
#sudo cd /usr/local/sbin #sudo wget https://dl.eff.org/certbot-auto
Set the required permission to the script.
#sudo chmod a+x /usr/local/sbin/certbot-auto
For generating SSL certificate make sure you have installed apache on your server. If you don’t have it then you need to install apache by typing following commands:
#sudo apt-get install apache2 #sudo service apache2 restart
Now, we will generate the SSL certificate for apache with the help of certbot-auto.
Now here you can generate SSL certificate for your domain name by typing following commands (Replace your domain name with example.com) :
#sudo certbot-auto --apache -d example.com
We can use let’s encrypt certificate for multiple domains and subdomains. The “first domain” name will be base domain and “second domain” will be bare top-level domain name as first in the list.
#sudo certbot-auto --apache -d example.com -d www.example.com
After entering this command you have to agree to the license and provide an email address for lost key recovery and notices. After that, you have to select one option between http and https.
You can choose https. Hyper Text Transfer Protocol Secure (HTTPS) it’s a secure version of HTTP. With the help of this protocol, the data will transfer securely between server and client computer. Once your installation finished, congratulation message will get displayed on your console.
Now view the file /etc/letsencrypt/live to find your Generated certificate.
#sudo ls /etc/letsencrypt/live
Now you need to test your SSL certificate to visit the following link;
Let’s Encrypt certificates expire after 90 days. So we should renew it after sometimes. And certificates should be renewed every 60 days. Now run auto renew command.
#sudo certbot-auto renew
Now create a cronjob for auto-renew let’s encrypt SSL certificate every week.
#sudo vim crontab -e
After this command one blank file will be open, you have to enter the following details to it and save:
**crontab** **15 5 * * 5 /usr/bin/certbot-auto renew >> /var/log/le-renew.log**
Save and exit.